Chrome Console SameSite Cookie Attribute Warning

Tom Shaw picture Tom Shaw · Oct 3, 2019 · Viewed 65.5k times · Source

Is anybody else getting this Chrome console warning?

A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .

In Chrome Flags chrome://flags/ I've tried disabling both:

  • SameSite by default cookies

  • Cookies without SameSite must be secure

And the warning won't go away.

Answer

user984003 picture user984003 · Oct 16, 2019

This is something that the third-party cookie setters (like Stripe) need to handle on their end.

I reached out to Stripe because I was getting this message for Stripe payments.

Stripe support response:

It looks like we're already tracking this internally as this warning comes from Stripe.js, not from react-stripe-elements. For now this is a warning and won't affect payments, and we're working on a fix which will eliminate this message and be compatible with Chrome's upcoming cookie-handling changes.

(Me) So, it's all on your end? I don't need to do anything?

No, this is something we have to get worked out on our end.


Oh, if you're a developer at Stripe/Facebook/Pinterest/so-forth, this answer won't work for you ;)