Discussion on: Dealing with Chrome SameSite cookie attribute in Shopify Apps made with PHP/Laravel

Rowan Merewood

That exception is temporary and will go away at some point. The specific situation that covers is for top-level, cross-site POST requests that require cookies. These should be set with SameSite=None; Secure as a permanent fix, rather than relying on the exception. This was added to account for a number of individual single sign-on implementations using this pattern to receive a CSRF token in their cookie - it is not related to the Safari issue.

The Safari issue is due to their implementation matching a much earlier version of the draft. As a result, if you need the cookie to work in all browsers you can use the double cookie solution proposed in

Zubair Mohsin Author

Thank you Rowan for your input on this issue 🙏🏼
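
A sketch of the double cookie approach mentioned in Rowan Merewood's comment above, as an added example that is not code from the thread or from Shopify: the same value is set twice, once with SameSite=None; Secure and once with no SameSite attribute, and the server reads whichever copy the browser returns. The cookie name `app_session`, the `-legacy` suffix and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical cookie name; not taken from the thread.
const COOKIE_NAME = 'app_session';
const LEGACY_NAME = COOKIE_NAME . '-legacy';

/** Return the two Set-Cookie header lines that carry the same value. */
function buildDoubleCookieHeaders(string $value, int $maxAge = 3600): array
{
    $attrs = sprintf('; Path=/; Max-Age=%d; Secure; HttpOnly', $maxAge);
    $encoded = rawurlencode($value);

    return [
        // Explicit opt-in to cross-site delivery (SameSite=None; Secure).
        'Set-Cookie: ' . COOKIE_NAME . '=' . $encoded . $attrs . '; SameSite=None',
        // Same value with no SameSite attribute, for older implementations.
        'Set-Cookie: ' . LEGACY_NAME . '=' . $encoded . $attrs,
    ];
}

/** Prefer the SameSite=None cookie; fall back to the legacy copy. */
function readDoubleCookie(array $cookies): ?string
{
    foreach ([COOKIE_NAME, LEGACY_NAME] as $name) {
        if (isset($cookies[$name]) && is_string($cookies[$name]) && $cookies[$name] !== '') {
            return $cookies[$name];
        }
    }
    return null;
}

// In a web request, send both lines; the second argument (false) stops
// header() from replacing the first Set-Cookie with the second:
//   foreach (buildDoubleCookieHeaders($token) as $line) { header($line, false); }
// and read the value back with readDoubleCookie($_COOKIE).

// Constructed sample data, run from the CLI.
echo implode(PHP_EOL, buildDoubleCookieHeaders('constructed-token-123')), PHP_EOL;

$samples = [
    'sends both cookies'   => [COOKIE_NAME => 'constructed-token-123', LEGACY_NAME => 'constructed-token-123'],
    'sends only legacy'    => [LEGACY_NAME => 'constructed-token-123'],
    'sends neither cookie' => [],
];
foreach ($samples as $label => $cookies) {
    printf("%-22s => %s%s", $label, var_export(readDoubleCookie($cookies), true), PHP_EOL);
}
```

Both copies keep Secure and HttpOnly, so the legacy cookie is no weaker than the primary one in transport or script access; CSRF protection for state-changing requests still has to come from a token check, since neither copy restricts cross-site sending.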