Google Chrome 80, Cookies, and HTTPS
- 06 Jan, 2020
Forecast for 2020 …
Google Chrome 80 will make a change in the cookie management policy (for an improved security overall). This will as well concern other browsers (Edge, Firefox) in the near future.
Consequently, if you have a personalized integration with ARender which is based between your interface & ARender by an authenticated cookie to use your services, check the following information carefully:
- If your cookies do not specify the SameSite property, Google Chrome 80 will automatically place them in SameSite = Lax, this will only allow Get requests from other sites to use these cookies (typically from ARender to your custom integration).
- Requests will have to be made in HTTPS to re-use these cookies as the parameter « Without SameSite must be secure » will be set up automatically.
You can as well refer to the Chromium project which indicates the deployment of this configuration: https://www.chromium.org/updates/same-site