Alex-D / Cookies-EU-banner

1kb vanilla JS script which manages cookies consent banner display like asked by GDPR
http://alex-d.github.io/Cookies-EU-banner/
MIT License
439 stars 57 forks

Some cookies are misusing the recommended “sameSite“ attribute #60

Open randombrick opened 4 years ago

randombrick commented 4 years ago

How to handle this console error?

sleepless-ninja commented 3 years ago

Browsers now prefer for this to be specified rather than for them to set it by default (which they'll do anyway).

I was trying to work this one out myself. So I'll put this here for anyone else looking for the answer.

Before calling:

new CookiesEuBanner...

You put:

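CookiesEuBanner.prototype.setCookie = function(name, value) {
  // Expiry: now plus the banner's configured timeout (milliseconds)
  var date = new Date();
  date.setTime(date.getTime() + this.cookieTimeout);

  // secure: the cookie is only set and sent over HTTPS.
  // SameSite=Lax: stated explicitly instead of left to the browser default.
  document.cookie = name + '=' + value + ';expires=' + date.toUTCString() + ';path=/' + ';secure;SameSite=Lax';
};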

Tested it and it seems to work.

andrewholgate commented 3 years ago

Yes, this is indeed going to be an issue in the near future as browsers impose stricter control on cookies.

Firefox flags this issue with the following warning:

Cookie “hasConsent” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute.
To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
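
Added example, not part of the thread or of the project's own code: a variant of the setCookie override posted above that validates the SameSite value, refuses SameSite=None without Secure (the case the Firefox warning describes), and adds Secure only on HTTPS pages. buildCookieString and its opts argument are hypothetical names; CookiesEuBanner and cookieTimeout are taken from the thread.

```javascript
// Allowed SameSite values, keyed by lower-case form for lenient input.
var SAME_SITE_VALUES = { strict: 'Strict', lax: 'Lax', none: 'None' };

// Hypothetical helper: returns the string to assign to document.cookie.
// opts.sameSite: 'Strict' | 'Lax' | 'None' (default 'Lax')
// opts.secure:   true to add the Secure attribute
// opts.now:      optional Date, used to make the expiry deterministic in tests
function buildCookieString(name, value, timeoutMs, opts) {
  opts = opts || {};
  var key = String(opts.sameSite || 'Lax').toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(SAME_SITE_VALUES, key)) {
    throw new Error('Invalid SameSite value: ' + opts.sameSite);
  }
  var sameSite = SAME_SITE_VALUES[key];
  var secure = opts.secure === true;
  // Browsers reject SameSite=None cookies that lack Secure; fail early instead.
  if (sameSite === 'None' && !secure) {
    throw new Error('SameSite=None requires the Secure attribute');
  }
  var now = opts.now instanceof Date ? opts.now : new Date();
  var expires = new Date(now.getTime() + timeoutMs);
  var parts = [
    // Encoding keeps a ';' in name or value from injecting extra attributes.
    encodeURIComponent(name) + '=' + encodeURIComponent(value),
    'expires=' + expires.toUTCString(),
    'path=/',
    'SameSite=' + sameSite
  ];
  if (secure) {
    parts.push('Secure');
  }
  return parts.join(';');
}

// Browser-only wiring, placed before `new CookiesEuBanner...` as in the thread.
// A page loaded over plain HTTP cannot set a Secure cookie, so the flag follows
// the page protocol instead of being hard-coded.
if (typeof document !== 'undefined' && typeof CookiesEuBanner !== 'undefined') {
  CookiesEuBanner.prototype.setCookie = function (name, value) {
    document.cookie = buildCookieString(name, value, this.cookieTimeout, {
      sameSite: 'Lax',
      secure: location.protocol === 'https:'
    });
  };
}
```

On an HTTP-only site this writes the cookie with SameSite=Lax and no Secure attribute, which is valid; the hard-coded `secure` in the thread's version would stop the consent cookie from being stored there.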