Google has said that Chrome 80 is set to begin rolling out on the stable channel today and that it introduces SameSite Cookie changes that could potentially break website functionality. The change will mean that cookies are only available in third-party contexts if they’re being accessed from secure connections.
Last month, Google announced changes that it'll be making over the next two years with the ultimate goal of phasing out support for third-party cookies in Chrome altogether. The new plans by the firm were sparked by people’s desire for greater privacy and control over their data. Google said it wants to develop a new system that works for the whole web ecosystem, including publishers.
The plan to force third-party cookies onto HTTPS was first revealed in May 2019; this forewarning should have given website admins time to update their websites to ensure that no problems occur with the launch of Chrome 80. Google reminded the developer community again in October 2019. For those who still haven’t made preparations, Google has published a video explaining what the change means.
To help mitigate sign-on issues, Chrome has introduced a new feature that allows cookies without a specified SameSite setting to be available for the type of top-level cross-site POST request typically used for sign-on flows. The “Lax + POST” mitigation, as it's called, gives the cookie just two minutes to carry out its intended function.
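As an added example (not code from Google or from the original article), the JavaScript below models the rules described above for a single cross-site request: a cookie with no SameSite attribute is treated as Lax, SameSite=None is only accepted together with Secure, and the two-minute “Lax + POST” allowance applies only to cookies with no specified SameSite setting. The function names, the request object shape and the sample headers are assumptions made for illustration.

```javascript
// Added example: a simplified model of Chrome 80 cookie handling on a cross-site request.
const LAX_POST_WINDOW_SECONDS = 120; // the two-minute "Lax + POST" window

// Extract the attributes of one Set-Cookie header value that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: null, secure: false };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    // Assumption: an unrecognised SameSite value is handled like a missing one.
    if (key === "samesite" && ["strict", "lax", "none"].includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

// req is a hypothetical shape: { https, topLevel, method, cookieAgeSeconds }
function sentCrossSite(header, req) {
  const c = parseSetCookie(header);
  const no = (reason) => ({ sent: false, reason });
  const yes = (reason) => ({ sent: true, reason });
  if (c.sameSite === "none" && !c.secure) return no("rejected: SameSite=None without Secure");
  if (c.secure && !req.https) return no("Secure cookie, insecure connection");
  if (c.sameSite === "none") return yes("SameSite=None; Secure");
  if (c.sameSite === "strict") return no("SameSite=Strict");
  // From here the cookie is Lax, either explicitly or by default.
  const method = req.method.toUpperCase();
  if (req.topLevel && method === "GET") return yes("Lax: top-level GET navigation");
  const unspecified = c.sameSite === null;
  if (unspecified && req.topLevel && method === "POST" &&
      req.cookieAgeSeconds <= LAX_POST_WINDOW_SECONDS) {
    return yes("Lax + POST mitigation");
  }
  return no(unspecified ? "defaulted to Lax" : "SameSite=Lax");
}

// Constructed sample headers, checked against a sign-on style top-level POST.
const signOnPost = { https: true, topLevel: true, method: "POST", cookieAgeSeconds: 30 };
for (const header of [
  "sso=abc; Path=/",                 // no SameSite: allowed only inside the window
  "sso=abc; SameSite=Lax",           // explicit Lax: no POST allowance
  "sso=abc; SameSite=None",          // missing Secure: rejected
  "sso=abc; SameSite=None; Secure",  // the form a third-party cookie needs
]) {
  console.log(header, "=>", sentCrossSite(header, signOnPost).reason);
}
```

Running it over an application's own Set-Cookie headers shows which cookies depend on the temporary mitigation and should be changed to an explicit `SameSite=None; Secure`.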
Google has also warned that enterprise administrators may need to implement special policies to revert Chrome to legacy behaviour if internal applications have not yet been updated to meet Chrome’s new expectations. Overall, this change should further bolster web security for ordinary users.
Update: According to the Chromium website "the SameSite-by-default and SameSite=None-requires-Secure behaviors will begin rolling out to Chrome 80 Stable for an initial limited population starting the week of February 17, 2020, excluding the US President’s Day holiday on Monday. We will be closely monitoring and evaluating ecosystem impact from this initial limited phase through gradually increasing rollouts."