A cookie associated with a cross-site resource at https://example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Please let me know how to set the SameSite cookie attribute. Thanks in advance.
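In Rails 6.0 and 6.1 the same_site attribute has been added:

    cookies["foo"] = {
      value: "bar",
      # Browsers only accept SameSite=None together with Secure,
      # so this setting must evaluate to true.
      secure: Rails.application.config.secure_cookies,
      same_site: "None"
    }
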
For Rails 5.x and lower, the rails_same_site_cookie gem is a good option for adding SameSite=None; to all your app's cookies. It uses middleware to do it.
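
A sketch of the middleware approach mentioned above, as an added example that is not the rails_same_site_cookie gem's code and not part of the original answer. The class name `SameSiteNoneCookies` and the sample app are hypothetical, and it assumes the server sets `rack.url_scheme` correctly.

```ruby
# Added example (hypothetical class name), not the gem's code.
class SameSiteNoneCookies
  def initialize(app)
    @app = app
  end

  def call(env)
    status, headers, body = @app.call(env)
    key = headers.keys.find { |k| k.casecmp?("set-cookie") }
    # Secure cookies set over plain HTTP are rejected by browsers, so only
    # rewrite on HTTPS. Assumes the server sets rack.url_scheme correctly.
    headers[key] = rewrite(headers[key]) if key && env["rack.url_scheme"] == "https"
    [status, headers, body]
  end

  private

  # Rack 2 joins multiple cookies with "\n"; Rack 3 may pass an Array.
  def rewrite(value)
    return value.map { |c| fix_cookie(c) } if value.is_a?(Array)
    value.to_s.split("\n").map { |c| fix_cookie(c) }.join("\n")
  end

  def fix_cookie(cookie)
    # Attributes follow the first "name=value" pair.
    attrs = cookie.split(";").drop(1).map { |a| a.strip.downcase }
    # Keep any SameSite value the application chose explicitly.
    return cookie if attrs.any? { |a| a.start_with?("samesite") }
    cookie += "; Secure" unless attrs.include?("secure")
    cookie + "; SameSite=None"
  end
end

# Constructed sample response: three cookies in Rack 2 header format.
SAMPLE_APP = lambda do |_env|
  [200, { "Set-Cookie" => "a=1; path=/\nb=2; SameSite=Lax\nc=3; secure" }, []]
end

if __FILE__ == $PROGRAM_NAME
  _, headers, _body = SameSiteNoneCookies.new(SAMPLE_APP).call("rack.url_scheme" => "https")
  puts headers["Set-Cookie"]
end
```

Cookies that never need to be sent cross-site can keep SameSite=Lax or Strict by setting it explicitly, which this middleware leaves untouched.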