- TLC Home Home
- Discussions Discussions
- Documentation Documentation
- Knowledge Base Knowledge Base
- Education Education
- Blog Blog
- Support Desk Support Desk
10-17-2019 07:07 AM
I'm seeing Chrome console messages concerning a lot of the cookies injected by my Tealium pixels.
For example,:
(index):1 A cookie associated with a cross-site resource at http://doubleclick.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Is there any action I need to take in Tealium to resolve these warnings? It appears these will break when Chrome v80 is released (if I'm reading everything correctly)
Solved! Go to Solution.
10-21-2019 09:46 AM
Here are two good (and entertaining) resources on this topic. It's entertaining because it is the Chrome developers having a friendly discussion with Safari developers. The Chrome team is asking for a Safari fix in how it works with SameSite. The doubleclick.net group may be waiting for this fix (or waiting until the last minute) to change how their server responds.
https://bugs.webkit.org/show_bug.cgi?id=198181
https://support.google.com/chrome/thread/16654793?hl=en
Because the doubleclick.net domain is owned by Google, you would expect them to flip the switches to update the SameSite response before they release their updated Chrome browser. (This is also the perspective of one person in the second link above.)
I have a blog on this topic that shows a specific example of what will happen when the Chrome browser is updated next year.
I think the most important action you can take now is work with your Enterprise data collection vendors and ask how to CNAME (make 1st party) their data collection endpoint. This is not possible for all vendors. For other vendors (Google domains such as doubleclick.net), it is likely just a matter of "wait and see."
Copyright All Rights Reserved © 2008-2023