How do I disable the SameSite feature in the Chrome Browser


Article ID: 145668


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER


I am unable to apply the SiteMinder tactical enhancement 'SameSite' patches throughout my environment, and I have users that must gain access to my environment which includes Cross-Domain POST requests, and they are being prevented access or being re-prompted since they have one of the browsers where Google has enabled the new 'SameSite' behavior.


Release : R12.52 SP1 CR-x, 12.6x, 12.7x, and 12.8x

Component : SITEMINDER - Web Agent, WAOP, AccessGateway


With the release of the Chrome 80 Browser, Google has configured a small percentage of those released browser versions with the new Chrome 'SameSite' behavior enabled by default. This affects the way in which the Browser treats cookies that do not include a 'SameSite' flag. If a cookie does not contain the 'SameSite' flag, a Chrome Browser with the 'SameSite' feature enabled will treat that cookie as if its setting were "LAX".

The Chrome Browsers with the 'SameSite' feature enabled will not present a cookie for a Cross-Domain POST request, unless the cookie has a 'SameSite' flag set to "none" and the SECURE flag is also set on the cookie, thus requiring the Cross-Domain POST to be over HTTPS.
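
The rule described above can be checked against the Set-Cookie headers an application emits. The following is an added example, not Broadcom or Chrome code: a simplified model of the rule as this article states it, where the function names and the sample header values are constructed for illustration.

```javascript
// Added example: models the cross-site POST cookie rule as stated in this article.
// Function names are hypothetical; sample headers are constructed, not captured traffic.
const KNOWN_SAMESITE = ["strict", "lax", "none"];

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.slice(0, pair.indexOf("=")), secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    // A missing or unrecognised SameSite value falls back to the default (Lax).
    if (key === "samesite" && KNOWN_SAMESITE.includes(value)) cookie.sameSite = value;
  }
  return cookie;
}

// Decide whether the cookie would accompany a Cross-Domain POST when the
// new 'SameSite' behavior is enabled in the browser.
function sentOnCrossSitePost(header, requestIsHttps) {
  const c = parseSetCookie(header);
  if (c.sameSite === null) return { sent: false, reason: "no valid SameSite flag, treated as Lax" };
  if (c.sameSite !== "none") return { sent: false, reason: `SameSite=${c.sameSite} blocks cross-site POST` };
  if (!c.secure) return { sent: false, reason: "SameSite=None requires the Secure flag" };
  if (!requestIsHttps) return { sent: false, reason: "Secure cookie is only sent over HTTPS" };
  return { sent: true, reason: "SameSite=None with Secure over HTTPS" };
}

// Names of cookies that would be withheld, so they can be fixed server-side.
function auditCookies(headers, requestIsHttps) {
  return headers
    .filter((h) => !sentOnCrossSitePost(h, requestIsHttps).sent)
    .map((h) => parseSetCookie(h).name);
}

// Constructed sample headers.
const SAMPLE_HEADERS = [
  "LEGACY=abc123; Path=/; HttpOnly",
  "HALF=abc123; Path=/; SameSite=None",
  "FIXED=abc123; Path=/; Secure; SameSite=None",
  "PREF=1; Path=/; SameSite=Lax",
];

console.log(auditCookies(SAMPLE_HEADERS, true));
```

Only the cookie carrying both SameSite=None and Secure survives the audit, and only when the POST goes over HTTPS.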


To disable the Chrome 'SameSite' feature:

Open the Chrome Browser flags page: chrome://flags

Chrome has the following two flags:

Set both of these flags to "Disabled".

Restart the browser for the changes to take effect.

Additional Information

Please refer to the following links for information on the 'SameSite' feature:

Please refer to the following Communities Post, which explains this Broadcom solution for the Google Chrome 80 'SameSite' behavior: