Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?

Asked Aug 05 '20 at 21:34

Active Sep 30 '20 at 12:12

Viewed 1.0k times

In a Chrome warning it says "Specify SameSite=None and Secure if the cookie should be sent in cross-site requests. This enables third-party use." How do I do this correctly using express-session?

app.use(
  cors({
    credentials: true,
    origin: ["http://localhost:3000", "https://elated-jackson-28b73e.netlify.app"] //Swap this with the client url 
  })
);
var sess = {
  secret: 'keyboard cat',
  cookie: {}
}

if (app.get('env') === 'production') {
  app.set('trust proxy', 1) // trust first proxy
  sess.cookie.secure = true // serve secure cookies
  sess.cookie.sameSite = 'none'
}

app.use(session(sess))

edited Aug 05 '20 at 21:41

asked Aug 05 '20 at 21:34

Squirrl

3,870
9
41
75

Did you get an answer to this? @Squirrl Can't believe it has many views and no answers! – Akhila Dec 30 '20 at 20:06
@Akhila I have not. – Squirrl Dec 30 '20 at 22:37
1

What I found is that this is not a client side issue, but on the server side, also if you are using an external api you have no control over this issue. @Squirrl – Akhila Dec 31 '20 at 10:21
1

This should the answer to your question: https://stackoverflow.com/questions/66503751/cross-domain-session-cookie-express-api-on-heroku-react-app-on-netlify/66553425#66553425 – sandrabosk Mar 10 '21 at 22:34
@sandrabosk ^^^ THANK YOU!! – Squirrl Mar 11 '21 at 01:11

Why am I getting "Indicate whether to send a cookie in a cross-site request by specifying its SameSite attribute"?

0 Answers0