SameSite предупреждение Chrome 77

Со времени последнего обновления у меня возникла ошибка с файлами cookie, связанная с атрибутом SameSite.

Файлы cookie принадлежат сторонним разработчикам (Fontawesome, jQuery, Google Analytics, Google reCaptcha, Google Fonts и т.д.)

Ошибки в консоли Chrome выглядят следующим образом.

A cookie associated with a cross-site resource at <URL> was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at <URL> and <URL>.
(index):1 A cookie associated with a cross-site resource at http://jquery.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at https://www.google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://www.google.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
(index):1 A cookie associated with a cross-site resource at http://gstatic.com/ was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Что-то мне нужно делать на локальном компьютере или сервере, или это просто какая-то функция, которую они должны реализовать в будущих выпусках своих библиотек?

Ответ 1

Это предупреждение консоли не является ошибкой или реальной проблемой - Chrome просто распространяет информацию об этом новом стандарте, чтобы ускорить принятие разработчиками.

Дата выпуска исправления 02/04/2020 в: https://www.chromium.org/updates/same-site

Я решил ту же проблему, добавив в заголовок ответа

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

SameSite запрещает браузеру отправлять cookie вместе с межсайтовыми запросами. Основная цель - снижение риска утечки информации из разных источников. Он также обеспечивает некоторую защиту от атак подделки межсайтовых запросов. Возможные значения для флага: Lax или Strict.

Пожалуйста, ознакомьтесь с этим, прежде чем применять какой-либо вариант.

Надеюсь, это поможет вам.