Modern UX and cross-site cookie warnings - Some cookies are missing the recommended "SameSite" attribute
search cancel

Modern UX and cross-site cookie warnings - Some cookies are missing the recommended "SameSite" attribute

book

Article ID: 205413

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

We're now running Firefox 83.0 and we're seeing all these cross-site cookie warnings in the logs. 

Is this something that Broadcom is aware of? Do you have any further information?

 


Firefox 83.0 is showing cross-site cookie warnings in the logs. 

Cookie “NG_TRANSLATE_LANG_KEY” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite. 

Steps to Reproduce: 

  1. Using Firefox 84 or later version, bring up the URL for the Modern UX 
  2. Open the Web Inspector > "Console" 
  3. Refresh the Clarity /pm page 
  4. The web inspector will show this message for a cookie:

Cookie “NG_TRANSLATE_LANG_KEY” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite

Expected Results: Cookies from Clarity have the required/recommended SameSite attribute WITH the 'secure' attribute. 

Actual Results: Cookies from Clarity do NOT have the required/recommended SameSite attribute with the 'secure' attribute.  

Environment

Release : 15.8.1, 15.9.1, 15.9.2, 15.9.3 

Component : CA PPM SECURITY INTEGRATION 

Cause

DE59126

Workaround: This message is a warning for now, but could become a serious problem soon if Firefox starts to block these cookies. 

Resolution

Fixed in Release 16.0.0