Will your site be effected in Chrome 80
Chrome 80 will treat cookies as SameSite=Lax by default if no SameSite attribute is specified and will reject insecure SameSite=None cookies.
- https://www.chromestatus.com/feature/5088147346030592
- https://www.chromestatus.com/feature/5633521622188032
Out of the box EPi Server's CMS website functionality isn't effected, but it might be effecting other areas of your website. e.g.
your integrations with Identity Providers using protocols such as SAML 2.0 or OpenID Connect or analytics cookies that your web application creating as a third-party cookie or any feature depending on third party dependent cookies or if you are querying APIs from a third-party domain.
References:
- https://www.chromestatus.com/features/schedule
- https://world.episerver.com/forum/developer-forum/-Episerver-75-CMS/Thread-Container/2020/1/upcoming-samesite-cookie-changes-and-episerver/
- https://auth0.com/blog/browser-behavior-changes-what-developers-need-to-know/
- https://devblogs.microsoft.com/aspnet/upcoming-samesite-cookie-changes-in-asp-net-and-asp-net-core/
- https://www.chromium.org/updates/same-site
- https://www.seerinteractive.com/blog/samesite-security-update-chrome/
- https://webkit.org/blog/8828/intelligent-tracking-prevention-2-2/
Google announced it would end support for third-party cookies in Chrome by 2022
- https://blog.chromium.org/2020/01/building-more-private-web-path-towards.html
- https://marketingland.com/marketers-respond-to-google-chrome-cookie-decision-with-mixture-of-hope-and-fear-274792
Feb 03, 2020
Comments