Jump to content

Prestashop cookie associated with a cross-site


Xavierleo

Recommended Posts

Hello ,

at the browser level i had the notice below wich repeted many time.

Quote

A cookie associated with a cross-site resource at https://mail-ads.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

any idea ?

Link to comment
Share on other sites

  • 1 month later...

I have same error,

A cookie associated with a cross-site resource at https://www.prestashop.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Prestashop 1.7.4.4

Any helP?

Link to comment
Share on other sites

  • 6 months later...
On 1/8/2020 at 3:07 PM, MichaelEZ said:

Would be interested on how to actually write it correctly

Using prestashop 1.7.6.7 With nginx and php 7.2 tried: 

add_header Set-Cookie 'cross-site-cookie=http://prestashop.com; SameSite=None; Secure';

But that doesn't work for me..

In chrome, i've enabled "chrome://flags/#cookies-without-same-site-must-be-secure" to make sure this works.. but i get warnings in console

Link to comment
Share on other sites

  • 1 month later...

Hi,

I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login.

I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site :

Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

Best regards

Link to comment
Share on other sites

On 9/14/2020 at 6:28 PM, Lalaru said:

Hi,

I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login.

I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site :

Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

Best regards

Unfortunately with this it works only inside Addons frame. With direct link to shop it stop to work in any browsers. ;((

Edited by Rostislav (see edit history)
Link to comment
Share on other sites

There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser.

If there is a cookie, it is modified to add Secure and SameSite=None to himself.

Link to comment
Share on other sites

5 minutes ago, Lalaru said:

There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser.

If there is a cookie, it is modified to add Secure and SameSite=None to himself.

Before I add directive - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None - autorization do not works through Addons frames in Chome browsers (work at Firefox and work everywhere if use direct link to BO). After i added this directive to .htaccess file all start work fine inside Addons frames in all browsers, but  fully not work if I used direct link to BO (in any browser).

Link to comment
Share on other sites

In these 2 examples, your cookie is :

PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None

It contains Secure;SameSite=None;Secure;SameSite=None.

In fact it contains it twice

Link to comment
Share on other sites

5 minutes ago, Lalaru said:

In these 2 examples, your cookie is :

PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None

It contains Secure;SameSite=None;Secure;SameSite=None.

In fact it contains it twice

And how can this be fixed? I tested this at PS 1.7 - it work fine after adding this directive.

But all DEMOs at PS 1.6 has such bug ;((

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...
  • 8 months later...
5 hours ago, pswork said:

Please explain in which folder the file is located .htaccess

Where to add the line - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

What else needs to be done for the demo to work properly?

Usually inside your shop root folder

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...