I load YouTube videos in iframes on my website using Laravel 5.8.17. Peeking in the console I'm getting this warning:
A cookie associated with a cross-site resource at http://youtube.com/ was set without the
SameSite
attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=None
andSecure
. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
I set my 'samesite' session.php to this now:
'same_site' => "lax", // was null before
But I'm still getting the warnings. How do I fix this properly?
For any of these warnings, if you are not responsible for the domain then you are not responsible for updating the cookies. The YouTube team will be responsible for updating the relevant code that sets the SameSite
attributes for cookies from youtube.com
.
At this point, the warnings are purely informational and are not impacting functionality. Enforcing this behaviour in stable Chrome is not scheduled until M80, currently targeted for Feb 2020.