Xavierleo Posted November 22, 2019 Share Posted November 22, 2019 Hello , at the browser level i had the notice below wich repeted many time. Quote A cookie associated with a cross-site resource at https://mail-ads.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. any idea ? Link to comment Share on other sites More sharing options...
MichaelEZ Posted November 22, 2019 Share Posted November 22, 2019 just use google https://support.google.com/chrome/thread/16654793?hl=en Link to comment Share on other sites More sharing options...
Xavierleo Posted November 22, 2019 Author Share Posted November 22, 2019 i see that link , i make header( "Set-Cookie: HttpOnly;Secure;SameSite=Strict"); but doesn't work 😟 Link to comment Share on other sites More sharing options...
franky.martin Posted January 8, 2020 Share Posted January 8, 2020 I have same error, A cookie associated with a cross-site resource at https://www.prestashop.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032. Prestashop 1.7.4.4 Any helP? Link to comment Share on other sites More sharing options...
MichaelEZ Posted January 8, 2020 Share Posted January 8, 2020 https://web.dev/samesite-cookies-explained/ https://stackoverflow.com/questions/58191969/how-to-fix-set-samesite-cookie-to-none-warning-chrome-extension just use that magical tool 😮 Link to comment Share on other sites More sharing options...
pixelicous Posted July 19, 2020 Share Posted July 19, 2020 On 1/8/2020 at 3:07 PM, MichaelEZ said: https://web.dev/samesite-cookies-explained/ https://stackoverflow.com/questions/58191969/how-to-fix-set-samesite-cookie-to-none-warning-chrome-extension just use that magical tool 😮 Would be interested on how to actually write it correctly Using prestashop 1.7.6.7 With nginx and php 7.2 tried: add_header Set-Cookie 'cross-site-cookie=http://prestashop.com; SameSite=None; Secure'; But that doesn't work for me.. In chrome, i've enabled "chrome://flags/#cookies-without-same-site-must-be-secure" to make sure this works.. but i get warnings in console Link to comment Share on other sites More sharing options...
Lalaru Posted September 14, 2020 Share Posted September 14, 2020 Hi, I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login. I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site : Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None Best regards Link to comment Share on other sites More sharing options...
Rostislav Posted September 17, 2020 Share Posted September 17, 2020 SUPER! ITs works! Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 (edited) On 9/14/2020 at 6:28 PM, Lalaru said: Hi, I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login. I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site : Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None Best regards Unfortunately with this it works only inside Addons frame. With direct link to shop it stop to work in any browsers. ;(( Edited September 18, 2020 by Rostislav (see edit history) Link to comment Share on other sites More sharing options...
Lalaru Posted September 18, 2020 Share Posted September 18, 2020 There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser. If there is a cookie, it is modified to add Secure and SameSite=None to himself. Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 5 minutes ago, Lalaru said: There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser. If there is a cookie, it is modified to add Secure and SameSite=None to himself. Before I add directive - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None - autorization do not works through Addons frames in Chome browsers (work at Firefox and work everywhere if use direct link to BO). After i added this directive to .htaccess file all start work fine inside Addons frames in all browsers, but fully not work if I used direct link to BO (in any browser). Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 Example: https://addons.prestashop.com/demo/BO29882.html now works with this directive ([email protected] and demodemo) And not work if used direct link to BO - http://presta.order-shop.ru/features/admin0 Link to comment Share on other sites More sharing options...
Lalaru Posted September 18, 2020 Share Posted September 18, 2020 In these 2 examples, your cookie is : PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None It contains Secure;SameSite=None;Secure;SameSite=None. In fact it contains it twice Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 5 minutes ago, Lalaru said: In these 2 examples, your cookie is : PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None It contains Secure;SameSite=None;Secure;SameSite=None. In fact it contains it twice And how can this be fixed? I tested this at PS 1.7 - it work fine after adding this directive. But all DEMOs at PS 1.6 has such bug ;(( Link to comment Share on other sites More sharing options...
Lalaru Posted September 18, 2020 Share Posted September 18, 2020 (edited) You are right. I just checked on a Presta 1.6, and it did not work. I'm looking for a solution Edited September 18, 2020 by Lalaru (see edit history) Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 2 hours ago, Lalaru said: You are right. I just checked on a Presta 1.6, and it did not work. I'm looking for a solution thanks! Link to comment Share on other sites More sharing options...
Rostislav Posted September 18, 2020 Share Posted September 18, 2020 5 hours ago, Lalaru said: In these 2 examples, your cookie is : PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None It contains Secure;SameSite=None;Secure;SameSite=None. In fact it contains it twice I found why twice. ))) I have several demos, in subfolders. Main shop in domain http://presta.order-shop.ru and some in folders like http://presta.order-shop.ru/features But I added directive both to htaccess file in the main domain and to files in folders. It is enough to add only in the main domain. I did so, but still the problem remained for PS1.6 (( Link to comment Share on other sites More sharing options...
Lalaru Posted September 21, 2020 Share Posted September 21, 2020 Hi, If you take this shop (my last 1.6) for example : https://store.2n-tech.com/en/ Online test sites can see the value : https://securityheaders.com/?q=https%3A%2F%2Fstore.2n-tech.com%2Fen%2F&hide=on&followRedirects=on I do not understand why the browser cannot see it Link to comment Share on other sites More sharing options...
Rostislav Posted October 4, 2020 Share Posted October 4, 2020 On 9/21/2020 at 1:43 PM, Lalaru said: I do not understand why the browser cannot see it I found, it works if SSL link and not work if not SSL. Link to comment Share on other sites More sharing options...
LieBM Posted October 15, 2020 Share Posted October 15, 2020 On 10/4/2020 at 10:23 PM, Rostislav said: I found, it works if SSL link and not work if not SSL. Can you share the solution?. Thanks!! Link to comment Share on other sites More sharing options...
kamprag Posted December 8, 2020 Share Posted December 8, 2020 (edited) Hello i am facing this problem also in a site version 1.6.1.24, does anyone knows what can we do to overcome this cookies problem (Samesite=none)? Thanks! Edited December 8, 2020 by kamprag (see edit history) Link to comment Share on other sites More sharing options...
Lalaru Posted December 9, 2020 Share Posted December 9, 2020 I resolved this by upgrading my shop to Prestashop 1.7 😅 Link to comment Share on other sites More sharing options...
kamprag Posted December 9, 2020 Share Posted December 9, 2020 6 hours ago, Lalaru said: I resolved this by upgrading my shop to Prestashop 1.7 😅 ok, maybe this is an solution, but i what about Prestashop 1.6.1.24 Link to comment Share on other sites More sharing options...
MichaelEZ Posted December 11, 2020 Share Posted December 11, 2020 well go to TB Link to comment Share on other sites More sharing options...
pswork Posted August 28, 2021 Share Posted August 28, 2021 Please explain in which folder the file is located .htaccess Where to add the line - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None What else needs to be done for the demo to work properly? Link to comment Share on other sites More sharing options...
Rostislav Posted August 28, 2021 Share Posted August 28, 2021 5 hours ago, pswork said: Please explain in which folder the file is located .htaccess Where to add the line - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None What else needs to be done for the demo to work properly? Usually inside your shop root folder Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now