How to set SameSite attribute to 'None; Secure' in Rails 3.1.12 and Ruby 1.9.3

Suresh Kumar · Dec 5, 2019

A cookie associated with a cross-site resource at https://example.com/ was set without the SameSite attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Please let me know how to set the SameSite cookie attribute. Thanks in advance.

Answer

Kelsey Hannan · Jan 27, 2020

In Rails 6.0 and 6.1 the same_site attribute has been added:

cookies["foo"] = {
  value: "bar",
  secure: Rails.application.config.secure_cookies,
  same_site: "None"
}

For Rails 5.x and lower, the rails_same_site_cookie gem is a good option for adding SameSite=None; to all your app's cookies. It uses middleware to do it.
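
The middleware approach mentioned in the answer can be sketched as follows. This is an added example, not part of the original answer and not the rails_same_site_cookie gem's code; the class name SameSiteNoneCookies and the :only option are hypothetical, and it does not special-case older browsers that mishandle SameSite=None.

```ruby
# Added example: Rack middleware (hypothetical name) that appends
# "SameSite=None; Secure" to Set-Cookie lines lacking a SameSite attribute.
class SameSiteNoneCookies
  def initialize(app, options = {})
    @app = app
    # Optional list of cookie names to rewrite; nil means every cookie.
    @only = options[:only]
  end

  def call(env)
    status, headers, body = @app.call(env)
    key = headers.keys.find { |k| k.to_s.downcase == "set-cookie" }
    if key && https?(env)
      raw = headers[key]
      # Rack 1.x/2.x join multiple cookies with "\n"; Rack 3 uses an Array.
      lines = raw.is_a?(Array) ? raw : raw.to_s.split("\n")
      lines = lines.map { |line| rewrite(line) }
      headers[key] = raw.is_a?(Array) ? lines : lines.join("\n")
    end
    [status, headers, body]
  end

  # Rewrite one Set-Cookie line; an explicit SameSite value is left untouched.
  def rewrite(line)
    name = line.split("=", 2).first.to_s.strip
    return line if @only && !@only.include?(name)
    return line if line =~ /;\s*samesite\s*=/i
    line = "#{line}; SameSite=None"
    # Browsers reject SameSite=None without Secure, so add it when missing.
    line = "#{line}; Secure" unless line =~ /;\s*secure\s*(;|\z)/i
    line
  end

  private

  # Only rewrite on HTTPS, since Secure cookies are not sent over plain HTTP.
  # Assumption: X-Forwarded-Proto is set by a trusted TLS-terminating proxy.
  def https?(env)
    env["rack.url_scheme"] == "https" || env["HTTP_X_FORWARDED_PROTO"] == "https"
  end
end
```

The middleware has to sit outside the cookie-writing middleware to see the final header, for example `config.middleware.insert_before ActionDispatch::Cookies, SameSiteNoneCookies` in config/application.rb. Cookies marked SameSite=None are sent on cross-site requests, so passing `:only` with just the cookies that need cross-site delivery keeps the rest under the browser's default handling.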