Before I begin, let me say that I never ever worked with cookies before. Also, it wasn’t me who built any of the sites I’m fixing now. You can already see how lucky I am 😀

Quick overview: I open my website at domain1. Inside a page, I load an iframe with the URL http://domain2/…

I keep getting this warning in Chrome, and it has affected my website:

A cookie associated with a cross-site resource at was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and

I’ve already tried setting proxy_cookie_path in my domain2 nginx config but it doesn’t seem to work:

location / {
    proxy_cookie_path / "/; SameSite=None; Secure";
}

I also tried adding a Set-Cookie header, which also doesn’t seem to work:

location / {
    add_header 'Set-Cookie' 'SameSite=None; Secure';
}

When I tried the second solution, it seems the header was received in the response in Chrome, but Chrome gives the following warning:

[Image: r/webdev - SameSite cookie killing my internals, level 4 frustration already]

Note that domain2 is our domain as well, and it has a Python backend using the Flask framework. So should I add the cookies from the Python code or the JavaScript frontend?

Any help appreciated.
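
The Chrome rule quoted in the warning can be checked against a `Set-Cookie` value directly. The following is an added example, not code from the post: `audit_set_cookie` is a hypothetical helper that models only the SameSite/Secure conditions named in the warning, and the header values are constructed samples.

```python
# Added example: a simplified model of the SameSite/Secure rule, not Chrome's full cookie logic.
ATTRIBUTE_NAMES = {"samesite", "secure", "httponly", "path", "domain", "expires", "max-age"}

def audit_set_cookie(header_value, scheme):
    """List reasons this cookie would not be sent inside a cross-site iframe."""
    first, _, rest = header_value.partition(";")
    name, sep, _value = first.strip().partition("=")
    name = name.strip()
    attrs = {}
    for part in rest.split(";"):
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.lower()] = val.strip().lower()
    problems = []
    if not sep or not name:
        problems.append("no name=value pair")
    elif name.lower() in ATTRIBUTE_NAMES:
        # The first pair is always the cookie itself, never an attribute.
        problems.append("first pair is an attribute keyword; this sets a new cookie named %r" % name)
    samesite = attrs.get("samesite")
    if samesite is None:
        problems.append("no SameSite attribute")
    elif samesite != "none":
        problems.append("SameSite=%s is not sent cross-site" % samesite)
    if samesite == "none" and "secure" not in attrs:
        problems.append("SameSite=None without Secure")
    if "secure" in attrs and scheme != "https":
        problems.append("Secure cookie set over plain HTTP")
    return problems

# Constructed sample headers (cookie name and value are made up).
SAMPLES = [
    ("session=abc123; HttpOnly; Path=/", "https"),                         # backend default
    ("SameSite=None; Secure", "https"),                                    # the add_header attempt
    ("session=abc123; HttpOnly; Path=/; SameSite=None; Secure", "http"),   # right attributes, wrong scheme
    ("session=abc123; HttpOnly; Path=/; SameSite=None; Secure", "https"),  # accepted
]

if __name__ == "__main__":
    for header, scheme in SAMPLES:
        print(scheme, "|", header, "->", audit_set_cookie(header, scheme) or "ok")
```

In Flask, the session cookie's attributes are set by the `SESSION_COOKIE_SAMESITE` and `SESSION_COOKIE_SECURE` config keys, so the attributes can be fixed where the cookie is created rather than in the proxy.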
