How can I resolve a cross-site Google Analytics cookie `SameSite=None` warning in Chrome on Apache 2.4 and PHP 7.1?

php apache cookies header samesite
11,340

Solution 1

I got a response from Google Chrome Labs after I posted a similar question on their github page.

The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.

If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes. -rowan-m

Solution 2

I would look at the tracker script. Here is the section about cross-domain traffic in the gtag.js docs. Make sure only the domain is present and no www, http, ect. 

gtag('set', 'linker', {
  'domains': ['example.com', 'example-b.com']
});
Share:
11,340

Related videos on Youtube

Benson
Author by

Benson

Programming & Web PHP, MVC, HTML, HTML5, SCSS, CSS3, JavaScript, jQuery, SQL, XML, Drupal, MySQL, Wordpress, APIs, AngularJS, Backbone.js, Apache, Git, PhoneGap, DNS, Bootstrap, Mobile Applications, Network Management Tools Visual Studio, Dreamweaver, Flash, Photoshop, Illustrator, Yeoman, Grunt, Adobe Animate, Sketchup, Notepad++

Updated on September 15, 2022

Comments

  • Benson
    Benson over 1 year

    My client's website is getting these SameSite cookie warnings in Chrome. I've searched all over and I can't get the warnings to go away. The cookies are due to Google Ad Conversion Tracking on a Wordpress Site. The site is on a Apache/2.4.7 (Ubuntu) hosted by DreamHost running PHP 7.1 for compatibility reasons. To my .htaccess file, I've tried adding:

    Header always edit Set-Cookie (.*) "$1; SameSite=None"

    and I tried

    Header edit Set-Cookie ^(.*)$ $1;HttpOnly;Secure

    ...and I tried

    Header always edit Set-Cookie (.*) "$1; SameSite=None;Secure"

    as well as many other combinations including SameSite=Lax

    One guide recommends for PHP 7.2 and below:

    header('Set-Cookie: cross-site-cookie=bar; SameSite=None; Secure');

    But that gives me a 500 Internal Server Erorr.

    Yet I am still getting the following three errors:

    A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .

    (index):1 A cookie associated with a resource at http://doubleclick.net/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.

    (index):1 A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.

    In my research, there seems to be limited information about the warning, and in the guides that are available, I'm not sure if I must identify the cookie by name or how to fix the cookie/headers at their source.

  • Benson
    Benson over 4 years
    Where you say ACookieAvailableCrossSite, I'm assuming I don't use that actual term? I have about 10 cookie names associated with the google name, do I need to add each one? What would that syntax look like?
  • Krishnan KK
    Krishnan KK over 4 years
    Access-Control-Allow- is used for cross site cookies. As you can see on the first line, it allows all domains. So you don't need to add each one.
  • Krishnan KK
    Krishnan KK over 4 years
    Most of the website has the same issue. I hope it will be fixed by google itself. Just look at the console warning of stackoverflow on google chrome. There you can see the same warning.
  • Adam Reis
    Adam Reis over 3 years
    They clearly failed, as it's now September 2020 and the error still shows up...

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Apache / PHP Disable Cookies for Subdomain?
header('location: ..') not working
Authorization header missing in PHP POST request
Allow php sessions to carry over to subdomains
Cookies across subdomains and hosts
Content-Length header always zero
HTTP Client Cookie c#
WAMP "Unable to load dynamic library php_intl.dll"
PHP Image content type problem
HTTPS giving 404 not found error