Chrome warns that a mapbox cookie will not be delivered.

mapbox / mapbox.js

Mapbox JavaScript API, a Leaflet Plugin

mapbox.com/mapbox.js/

Other

1.92k stars 386 forks source link

Chrome warns that a mapbox cookie will not be delivered. #1300

Closed alexAlchemy closed 3 years ago

alexAlchemy commented 4 years ago

I noticed this warning appear in chrome and I'm concerned about mapbox breaking when the next chrome version is released.

https://www.chromestatus.com/feature/5088147346030592 https://www.chromestatus.com/feature/5633521622188032

I'm wondering if this the lack of mapbox cookies being delivered will break functionality or if I can ignore this warning?

Thanks in advance

riastrad commented 4 years ago

Thanks for flagging, @alexAlchemy. Are you able to provide an example that triggers this console message or point me to a page where you've observed it? To my knowledge, there's nothing in Mapbox.js that will break as a result of Chrome's stricter enforcement of the SameSite guidelines - but we can certainly double check that assumption, if necessary.

mobinseven commented 4 years ago

Hi. I use mapbox tiles by leaflet.js with the following config:

L.tileLayer('https://api.mapbox.com/styles/v1/mapbox/light-v10/tiles/{z}/{x}/{y}?access_token={accessToken}', {
            tileSize: 512,
            minZoom: 3,
            maxZoom: 18,
            zoomOffset: -1,
            accessToken: {token}
        });

and I get the following warning in Chrome issues tab:

Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute

mobinseven commented 4 years ago

And this comment indicates what is the problem.

alexandervlpl commented 3 years ago

Any solution to this? Maybe on the client (Leaflet) side?

alexandervlpl commented 3 years ago

@riastrad AFAIK if Chrome logs the warnings, eventually these requests will break and this should probably be taken seriously. Maybe the changes need to happen on Mapbox servers?

riggiobill commented 3 years ago

I'm having this same issue, would love any idea how to set the cookies' value SameSite value.

riastrad commented 3 years ago

Mapbox.js does not rely on any cookies in order to properly function. The warning you are seeing is from a cookie set by mapbox.com in order to manage account logins. If you clear this cookie from your browser and test your site again, your maps should still function and this warning should no longer be visible in the console. Unless your end users also have mapbox.com accounts and frequently check their browser consoles on your page, this warning will have no effect on their experience.

Ref. this sister ticket in GL JS: https://github.com/mapbox/mapbox-gl-js/issues/9404#issuecomment-599374704