Chrome has recently started requiring cookies to be set with the SameSite option. Without this option, SameSite is considered to be None, but Chrome also requires that SameSite=None go together with the cookie Secure option, which means all web requests have to go through HTTPS.
These are the cases:
1. SameSite not set
The browser considers that SameSite=None, and shows a warning if the cookie is set in content served through HTTP instead of HTTPS.
2. SameSite=None
3. SameSite=Lax
4. SameSite=Strict
Many libraries, for example socket.io, have their own cookies besides the cookies of the website/webapp containing them. The warning will always be shown until the libraries are updated.
Socket.io has a cookie named 'io', because Socket.io runs on both WebSocket and HTTP/HTTPS long-polling.
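As an added example (not code from this post or from Socket.io), the following JavaScript sorts Set-Cookie header values into the four cases listed above and flags cookies with no SameSite attribute or with SameSite=None but no Secure. The function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for SameSite / Secure.
// Function names and sample headers are constructed, not from any library.

function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const [nameValue = '', ...attrs] = parts;
  const eq = nameValue.indexOf('=');
  const name = eq === -1 ? nameValue : nameValue.slice(0, eq);
  const attributes = {};
  for (const attr of attrs) {
    const i = attr.indexOf('=');
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return { name, attributes };
}

function auditSetCookie(header) {
  const { name, attributes } = parseSetCookie(header);
  const secure = attributes.secure === true;
  const raw = attributes.samesite;
  const sameSite = typeof raw === 'string' ? raw.toLowerCase() : null;
  let verdict;
  if (sameSite === null) verdict = 'samesite-not-set';            // case 1
  else if (sameSite === 'none') verdict = secure ? 'ok' : 'none-without-secure'; // case 2
  else if (sameSite === 'lax' || sameSite === 'strict') verdict = 'ok';          // cases 3, 4
  else verdict = 'unknown-samesite-value';
  return { name, sameSite, secure, verdict };
}

// Names of the cookies whose attributes need attention.
function needsFix(headers) {
  return headers.map(auditSetCookie)
    .filter((r) => r.verdict !== 'ok')
    .map((r) => r.name);
}

// Constructed sample: a library cookie named 'io' plus application cookies.
const SAMPLE_HEADERS = [
  'io=abc123; Path=/; HttpOnly',
  'sid=1; SameSite=None',
  'sid2=1; SameSite=None; Secure',
  'pref=dark; samesite=lax',
  'csrf=x; SameSite=Strict; Secure',
];

console.log(SAMPLE_HEADERS.map(auditSetCookie));
```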