English (US)

Console warnings in Chrome browser: A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute.

Follow
Karen D Snyder

For the past few weeks, I've been seeing console warnings in the Chrome browser development tools like this: A cookie associated with a cross-site resource at https://static.zdassets.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

These warnings appear for the HelpDesk:

These warnings appear for agent admin, 

Is this something that will need to be addressed by Zendesk? Will we need to modify document_head.hbs or script.js?

18 Comments

Sort by Date Votes
  • Jahmai Lay
    • Edited
    Comment actions Permalink

    This is actually pretty serious. By all accounts, once Chrome 80 arrives, Zendesk will no longer load because of the absence of SameSite on the cookies. Could someone from Zendesk respond to this?

    https://www.chromium.org/updates/same-site

     

    0
  • Devan - Community Manager
    Comment actions Permalink

    Hello Karen D Snyder,

    This is something our team of advocates will need to help you with due to the nature of this issue. I've gone ahead and created a ticket for you on your behalf. One of our agents will be with you shortly.

    Best regards.

    0
  • Jahmai Lay
    Comment actions Permalink

    Hi Karen D Snyder can you provide any update from your interaction with Zendesk support? Thanks!

    0
  • Karen D Snyder
    Comment actions Permalink

    I have not received any replies from Zendesk support on the ticket that was created. I wrote a comment on the ticket that I haven't received any updates from them.

    0
  • Jahmai Lay
    Comment actions Permalink

    Thanks Karen D Snyder. I'll create a separate ticket, hopefully more is better.

    0
  • Karen D Snyder
    Comment actions Permalink

    I'll report any information that I receive from them about the console warning. Presumably anybody who is using Chrome is getting this warning.

    0
  • Christian Oyarzun
    Comment actions Permalink

    If you are using Chrome Dev Channel which is Chrome 80 you are no longer able to login Zendesk

    0
  • Karen D Snyder
    Comment actions Permalink

    I got an answer from Zendesk support that their developers are addressing the console errors:

    "Our development team is currently working to resolve these warning messages. I'll be sure to update you here as they provide more information about their progress and any timelines to resolution."

    So in the meantime, sounds like don't update Chrome to version 80!

    2
  • Allen Hancock
    Comment actions Permalink

    Following.

    0
  • Michael van Gelder-Horgan
    Comment actions Permalink

    For those of us using dev/canary you can change a couple of flags as a temp solution:

     

     

     

    0
  • RAW DESK
    Comment actions Permalink

    On behalf of Corporate CRM Kinepolis Belgium, I confirm this issue is still appearing also for our anonymous site vistors, having the Zendesk Chat widget available (embedded via JS snippet).

    Can anyone give us a current status of the announced fixed, after a month of inactivity in this thread ?

    Thanks upfront for your reply,

     

    0
  • Brett - Community Manager
    Comment actions Permalink

    @Raw Desk and Michael,

    It looks like this is an issue our developers are aware of and are currently working on a fix. No ETA of when this will be released, however, I'm going to create a ticket on your behalf so our Customer Advocacy team can gather more information.

    Cheers!

    0
  • Christian Oyarzun
    Comment actions Permalink

    Hopefully the ETA is before Chrome version 80 is released on the stable channel.

    February 4, 2020: Chrome 80 Stable released. SameSite-by-default and SameSite=None-requires-Secure become default behavior for all users on Stable.

     

    0
  • Brian Correia
    Comment actions Permalink

    Any updates on this?

    0
  • Marco Huaman
    Comment actions Permalink

    Hi Brett,

     

    Thanks for the update a month ago, can we please get the latest update as we get close to February?

    Regards,

    Marco

    0
  • Brett - Community Manager
    Comment actions Permalink

    @Marco and Brian, thanks for checking in here! It looks like this is still being investigated by our security developer team so nothing to report quite yet.

    I'll be sure to update this post once I have more information to provide you. Appreciate your patience!

    0
  • Andrew Lathrop
    Comment actions Permalink

    Hello Zendesk Team,

     

    Any update on this? We are now a week away from the Feb. 4th deadline and as of yet we haven't received any additional information about this cookie warning and it was originally reported to your team in Oct of 2019

    0
  • Brett - Community Manager
    Comment actions Permalink

    Hey Andrew,

    This is something our developers are still looking into at this time. I'd be happy to get a ticket created on your behalf so you can receive an email update once we have more information to provide.

    Let me know!

    0

Please sign in to leave a comment.

Didn't find what you were looking for?

New post
Powered by Zendesk