Console warnings in Chrome browser: A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.
For the past few weeks, I've been seeing console warnings in the Chrome browser development tools like this: A cookie associated with a cross-site resource at https://static.zdassets.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
These warnings appear for the HelpDesk:
These warnings appear for agent admin,
Is this something that will need to be addressed by Zendesk? Will we need to modify document_head.hbs or script.js?
-
This is actually pretty serious. By all accounts, once Chrome 80 arrives, Zendesk will no longer load because of the absence of SameSite on the cookies. Could someone from Zendesk respond to this?
https://www.chromium.org/updates/same-site
-
Hello Karen D Snyder,
This is something our team of advocates will need to help you with due to the nature of this issue. I've gone ahead and created a ticket for you on your behalf. One of our agents will be with you shortly.
Best regards.
-
Hi Karen D Snyder can you provide any update from your interaction with Zendesk support? Thanks!
-
I have not received any replies from Zendesk support on the ticket that was created. I wrote a comment on the ticket that I haven't received any updates from them.
-
Thanks Karen D Snyder. I'll create a separate ticket, hopefully more is better.
-
I'll report any information that I receive from them about the console warning. Presumably anybody who is using Chrome is getting this warning.
-
If you are using Chrome Dev Channel which is Chrome 80 you are no longer able to login Zendesk
-
I got an answer from Zendesk support that their developers are addressing the console errors:
"Our development team is currently working to resolve these warning messages. I'll be sure to update you here as they provide more information about their progress and any timelines to resolution."
So in the meantime, sounds like don't update Chrome to version 80!
-
Following.
-
For those of us using dev/canary you can change a couple of flags as a temp solution:
-
On behalf of Corporate CRM Kinepolis Belgium, I confirm this issue is still appearing also for our anonymous site vistors, having the Zendesk Chat widget available (embedded via JS snippet).
Can anyone give us a current status of the announced fixed, after a month of inactivity in this thread ?Thanks upfront for your reply,
-
@Raw Desk and Michael,
It looks like this is an issue our developers are aware of and are currently working on a fix. No ETA of when this will be released, however, I'm going to create a ticket on your behalf so our Customer Advocacy team can gather more information.
Cheers!
-
Hopefully the ETA is before Chrome version 80 is released on the stable channel.
February 4, 2020: Chrome 80 Stable released. SameSite-by-default and SameSite=None-requires-Secure become default behavior for all users on Stable.
-
Any updates on this?
-
Hi Brett,
Thanks for the update a month ago, can we please get the latest update as we get close to February?
Regards,
Marco
-
@Marco and Brian, thanks for checking in here! It looks like this is still being investigated by our security developer team so nothing to report quite yet.
I'll be sure to update this post once I have more information to provide you. Appreciate your patience!
-
Hello Zendesk Team,
Any update on this? We are now a week away from the Feb. 4th deadline and as of yet we haven't received any additional information about this cookie warning and it was originally reported to your team in Oct of 2019
-
Hey Andrew,
This is something our developers are still looking into at this time. I'd be happy to get a ticket created on your behalf so you can receive an email update once we have more information to provide.
Let me know!
-
We're getting pretty close to February. Any updates?
-
FWIW, I tried the logging in with the latest Chrome Dev channel v81 and it works. There are no longer warnings in the console.
-
Thanks for sharing Christian Oyarzun!
Mike Schiller can you confirm whether or not Chrome Dev channel v81 works for you? -
I downloaded Chrome Beta (80.x), and it does work.
-
Can you confirm if your developers are still working on this issue ? and if they have found any problems so far.
Regards,
Paul. W - Service and Operations
Kallysoft Informatik AG
-
Hey Paul,
This is definitely something our developers are still looking into and we do have a Problem Ticket created related to this. I see you have a ticket open with our Customer Advocacy team so I'll get that attached to the PT we have so you receive an update when available.
Thanks for checking in!
-
The Google roll out to chrome is looming, any updates here?
-Dave
-
Hey Dave,
Our Dev team is testing some changes with Chrome on their end but no further updates to provide at this time.
-
So, these cookies are now actively being blocked by Chrome
A cookie associated with a cross-site resource at https://zdassets.com/ was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.
-
Hello Mike Murray,
I've opened up a ticket on your behalf so our Advocates can look into this issue. You should receive an email shortly followed by a reply from our team, and we appreciate your patience during this troubleshooting process.
Best regards.
-
We're noticing this affecting Chrome 81 users now, as well as Safari users. Is there a timeline available for a fix for this?
-
Hello Ryan,
A workaround that you can do to resolve this issue is by setting the Chrome://flags/#same-site-by-default-cookies flag to disabled for the meantime.
We currently need to disable SameSite default by cookies, because Chrome rolled out an update that blocks cookies without cross-site requests if they are not set with ‘SameSite=None’ and ‘Secure.’ However, last April 3, they recently did a rollback of this update for Chrome 80 in light of global circumstances due to COVID-19. For more details about it, you may check this article: Chrome's SameSite Updates.
I hope this helps! Let me know if you have further questions or clarifications.
Best regards,
Please sign in to leave a comment.
38 Comments