
New Chrome requirements for cookies #8437


0
dmux created

I see the warning in my debug console about the upcoming change to Chrome. The message reads:

A cookie associated with a resource at http://uat.trevor-roberts.com.au/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032

The latest advice is this will come into effect in a couple of weeks: https://www.chromium.org/updates/same-site

Please advise if we need to do anything to ensure features like "Login as user", etc. continue to work.


3 Answer(s)
  • User Avatar
    1
    maliming created
    Support Team

    hi @dmux

    You can take a look at this document.

    https://docs.microsoft.com/en-us/aspnet/core/security/samesite?view=aspnetcore-3.1

  • User Avatar
    0
    dmux created

    Hi @maliming,

    Thank you for that document. I have been through it and tested Chrome by enabling "SameSite by default cookies" as it suggests. It appears to make no difference to how the app works. So maybe nothing is going to break in two weeks' time. Is that right?

    The only cookies that are SameSite and not Secure appear to be set by the ASPNETZero base code:

    I really just need to know if the standard ASPNETZero platform (v8.0 CORE MVC) will stop working in two weeks or not. Please advise.

    Thanks kindly!

  • User Avatar
    1
    maliming created
    Support Team

    I will try to implement it in zero.

    Please follow: https://github.com/aspnetzero/aspnet-zero-core/issues/2950
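
The rule in the Chrome warning quoted in the question, as an added example that is not part of the original thread or ASP.NET Zero's own code: a Python check that classifies `Set-Cookie` header values and lists the cookies the rule would stop delivering. The cookie names and header values are constructed samples, and the `defaults-to-lax` verdict assumes the behaviour that the "SameSite by default cookies" flag mentioned above enables.

```python
# Added example: classify Set-Cookie values under the Chrome rule quoted in the thread.
# All header values below are constructed samples, not taken from any real application.

def parse_set_cookie(header):
    """Return (cookie_name, attrs) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def classify(header):
    """Return (cookie_name, verdict) for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(header)
    secure = "secure" in attrs
    samesite = attrs.get("samesite")
    if samesite is None:
        # Assumption: with "SameSite by default cookies" on, no attribute means Lax.
        return name, "defaults-to-lax"
    mode = samesite.lower()
    if mode == "none":
        # The case the console warning describes: None is only delivered with Secure.
        return name, "ok-cross-site" if secure else "rejected-none-without-secure"
    if mode in ("lax", "strict"):
        return name, "same-site-" + mode
    return name, "unrecognized-samesite-value"

def audit(headers):
    """Return the names of cookies the new rule would stop delivering."""
    return [n for n, v in map(classify, headers) if v == "rejected-none-without-secure"]

SAMPLE_HEADERS = [
    "session_id=abc123; Path=/; HttpOnly; SameSite=None",
    "xsrf_token=def456; Path=/; Secure; SameSite=None",
    "culture=en; Path=/; Expires=Wed, 01 Jan 2025 00:00:00 GMT",
    "prefs=dark; Path=/; samesite=Lax",
]

if __name__ == "__main__":
    for h in SAMPLE_HEADERS:
        print(classify(h))
    print("would be dropped:", audit(SAMPLE_HEADERS))
```

A cookie marked `Secure` is only sent over HTTPS, so on a site served over plain `http://`, as in the URL in the warning, adding the attribute alone does not keep the cookie working.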