search

usefathom / fathom

Fathom Lite. Simple, privacy-focused website analytics. Built with Golang & Preact.
https://usefathom.com/
MIT License
7.52k stars 364 forks source link

Third party cookie with Fathom without SameSite and Secure attribute #326

Closed chinmayj closed 2 years ago

chinmayj commented 3 years ago

I am using fathom on another (sub) domain than my primary domain. I believe most of the other users would be doing the same. Browsers are planning to phase out third party cookies and the solution proposed includes using SameSite=None and secure attributes in cookie. As Fathom tarcking script creates the script (with the domain registered as site) with JavaScript, in my case considered as a third party cookie but without the samesite and secure attributes.

Firefox gives this warning, Cookie “_fathom” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

luukdv commented 3 years ago

I think this PR will solve the issue: https://github.com/usefathom/fathom/pull/314

JackEllis commented 2 years ago

Merged PR