How to set SameSite cookie for YouTube in Laravel 5.8

Ansjovis86 picture Ansjovis86 · Oct 21, 2019 · Viewed 8.2k times · Source

I load YouTube videos in iframes on my website using Laravel 5.8.17. Peeking in the console I'm getting this warning:

A cookie associated with a cross-site resource at http://youtube.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

I set my 'samesite' session.php to this now:

'same_site' => "lax", // was null before

But I'm still getting the warnings. How do I fix this properly?

Answer

rowan_m picture rowan_m · Nov 1, 2019

For any of these warnings, if you are not responsible for the domain then you are not responsible for updating the cookies. The YouTube team will be responsible for updating the relevant code that sets the SameSite attributes for cookies from youtube.com.

At this point, the warnings are purely informational and are not impacting functionality. Enforcing this behaviour in stable Chrome is not scheduled until M80, currently targeted for Feb 2020.