Jump to content

Prestashop cookie associated with a cross-site


Recommended Posts

Hello ,

at the browser level i had the notice below wich repeted many time.

Quote

A cookie associated with a cross-site resource at https://mail-ads.google.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

any idea ?

Share this post


Link to post
Share on other sites
  • 1 month later...

I have same error,

A cookie associated with a cross-site resource at https://www.prestashop.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Prestashop 1.7.4.4

Any helP?

Share this post


Link to post
Share on other sites
  • 6 months later...
On 1/8/2020 at 3:07 PM, MichaelEZ said:

Would be interested on how to actually write it correctly

Using prestashop 1.7.6.7 With nginx and php 7.2 tried: 

add_header Set-Cookie 'cross-site-cookie=http://prestashop.com; SameSite=None; Secure';

But that doesn't work for me..

In chrome, i've enabled "chrome://flags/#cookies-without-same-site-must-be-secure" to make sure this works.. but i get warnings in console

Share this post


Link to post
Share on other sites
  • 1 month later...

Hi,

I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login.

I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site :

Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

Best regards

Share this post


Link to post
Share on other sites
On 9/14/2020 at 6:28 PM, Lalaru said:

Hi,

I had a problem with the demo sites of my modules sold on addons. The demo sites are framed inside the Prestashop addons site and so the cross site policy now blocks admin login.

I just add this line in my .htaccess files to force Secure;SameSite=None to all cookies on the site :

Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None

Best regards

Unfortunately with this it works only inside Addons frame. With direct link to shop it stop to work in any browsers. ;((

Edited by Rostislav (see edit history)

Share this post


Link to post
Share on other sites

There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser.

If there is a cookie, it is modified to add Secure and SameSite=None to himself.

Share this post


Link to post
Share on other sites
5 minutes ago, Lalaru said:

There is no difference. If it works for one, it also works for another as this solution is on your server and did not depends on which one is looking at your site, ie through a frame or directly in a browser.

If there is a cookie, it is modified to add Secure and SameSite=None to himself.

Before I add directive - Header edit Set-Cookie ^(.*)$ $1;Secure;SameSite=None - autorization do not works through Addons frames in Chome browsers (work at Firefox and work everywhere if use direct link to BO). After i added this directive to .htaccess file all start work fine inside Addons frames in all browsers, but  fully not work if I used direct link to BO (in any browser).

Share this post


Link to post
Share on other sites

In these 2 examples, your cookie is :

PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None

It contains Secure;SameSite=None;Secure;SameSite=None.

In fact it contains it twice

Share this post


Link to post
Share on other sites
5 minutes ago, Lalaru said:

In these 2 examples, your cookie is :

PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None

It contains Secure;SameSite=None;Secure;SameSite=None.

In fact it contains it twice

And how can this be fixed? I tested this at PS 1.7 - it work fine after adding this directive.

But all DEMOs at PS 1.6 has such bug ;((

Share this post


Link to post
Share on other sites
5 hours ago, Lalaru said:

In these 2 examples, your cookie is :

PrestaShop-c07a575472f1837286d5167149da7a37=0AC3oO6PNx4UYW7vzpc9s5Q4xRaY7B%2BHpWnKwZQQQv6vKrTU31YdiRx4CovlhA2ocRfIpjDHPTXpwORjqF2i5tGK%2FQ0nIn2qCrF0uSMzaSY%3D000078; expires=Thu, 08-Oct-2020 12:36:52 GMT; Max-Age=1728000; path=/features/; domain=presta.order-shop.ru; httponly;Secure;SameSite=None;Secure;SameSite=None

It contains Secure;SameSite=None;Secure;SameSite=None.

In fact it contains it twice

I found why twice. ))) I have several demos, in subfolders. Main shop in domain http://presta.order-shop.ru and some in folders like http://presta.order-shop.ru/features
But I added directive both to htaccess file in the main domain and to files in folders. It is enough to add only in the main domain. I did so, but still the problem remained for PS1.6 ((

Share this post


Link to post
Share on other sites
  • 2 weeks later...
  • 2 weeks later...
  • 1 month later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More