Console warnings in Chrome browser: A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.
For the past few weeks, I've been seeing console warnings in the Chrome browser development tools like this: A cookie associated with a cross-site resource at https://static.zdassets.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
These warnings appear for the HelpDesk:
These warnings appear for agent admin,
Is this something that will need to be addressed by Zendesk? Will we need to modify document_head.hbs or script.js?
-
This is actually pretty serious. By all accounts, once Chrome 80 arrives, Zendesk will no longer load because of the absence of SameSite on the cookies. Could someone from Zendesk respond to this?
https://www.chromium.org/updates/same-site
-
Hello Karen D Snyder,
This is something our team of advocates will need to help you with due to the nature of this issue. I've gone ahead and created a ticket for you on your behalf. One of our agents will be with you shortly.
Best regards.
-
Hi Karen D Snyder can you provide any update from your interaction with Zendesk support? Thanks!
-
I have not received any replies from Zendesk support on the ticket that was created. I wrote a comment on the ticket that I haven't received any updates from them.
-
Thanks Karen D Snyder. I'll create a separate ticket, hopefully more is better.
-
I'll report any information that I receive from them about the console warning. Presumably anybody who is using Chrome is getting this warning.
-
If you are using Chrome Dev Channel which is Chrome 80 you are no longer able to login Zendesk
-
I got an answer from Zendesk support that their developers are addressing the console errors:
"Our development team is currently working to resolve these warning messages. I'll be sure to update you here as they provide more information about their progress and any timelines to resolution."
So in the meantime, sounds like don't update Chrome to version 80!
-
Following.
-
For those of us using dev/canary you can change a couple of flags as a temp solution:
-
On behalf of Corporate CRM Kinepolis Belgium, I confirm this issue is still appearing also for our anonymous site vistors, having the Zendesk Chat widget available (embedded via JS snippet).
Can anyone give us a current status of the announced fixed, after a month of inactivity in this thread ?Thanks upfront for your reply,
-
@Raw Desk and Michael,
It looks like this is an issue our developers are aware of and are currently working on a fix. No ETA of when this will be released, however, I'm going to create a ticket on your behalf so our Customer Advocacy team can gather more information.
Cheers!
-
Hopefully the ETA is before Chrome version 80 is released on the stable channel.
February 4, 2020: Chrome 80 Stable released. SameSite-by-default and SameSite=None-requires-Secure become default behavior for all users on Stable.
-
Any updates on this?
-
Hi Brett,
Thanks for the update a month ago, can we please get the latest update as we get close to February?
Regards,
Marco
-
@Marco and Brian, thanks for checking in here! It looks like this is still being investigated by our security developer team so nothing to report quite yet.
I'll be sure to update this post once I have more information to provide you. Appreciate your patience!
Please sign in to leave a comment.
16 Comments