Discussion on: Dealing with Chrome SameSite cookie attribute in Shopify Apps made with PHP/Laravel

Rowan Merewood

That exception is temporary and will go away at some point. The specific situation that covers is for top-level, cross-site POST requests that require cookies. These should be set with SameSite=None; Secure as a permanent fix, not rely on the exception. This was added to account for a number of individual single sign-on implementations using this pattern to receive a CSRF token in their cookie - it is not related to the Safari issue.

The Safari issue is due to their implementation matching a much earlier version of the draft. As a result, if you need the cookie to work in all browsers you can use the double cookie solution proposed in web.dev/samesite-cookie-recipes/#h...
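
The double cookie approach mentioned in the comment above, sketched in PHP as an added example (it is not part of the comment or of the linked recipe): the same value is set twice, once with SameSite=None; Secure and once with no SameSite attribute, and the reader prefers the first. The function names, the cookie name `session_token` and the `-legacy` suffix are assumptions made for this sketch.

```php
<?php
declare(strict_types=1);

// Build both Set-Cookie header lines for one logical cookie.
// The "-legacy" suffix and the attribute set are assumptions for this sketch.
function build_cookie_pair(string $name, string $value, int $maxAge): array
{
    $attrs = sprintf('; Max-Age=%d; Path=/; Secure; HttpOnly', $maxAge);
    $encoded = rawurlencode($value);

    return [
        // Current browsers: explicit opt-in to cross-site delivery.
        "Set-Cookie: {$name}={$encoded}{$attrs}; SameSite=None",
        // Browsers following the earlier draft: no SameSite attribute at all.
        "Set-Cookie: {$name}-legacy={$encoded}{$attrs}",
    ];
}

// Read the value back: prefer the new-style cookie, fall back to the legacy one.
function read_cookie(array $cookies, string $name): ?string
{
    return $cookies[$name] ?? $cookies[$name . '-legacy'] ?? null;
}

// In a real response, send each line with header($line, false) so the second
// Set-Cookie header does not replace the first.
foreach (build_cookie_pair('session_token', 'abc123', 3600) as $line) {
    echo $line, PHP_EOL;
}

// Constructed request cookie jars, shaped as $_COOKIE would present them.
$modern     = ['session_token' => 'abc123', 'session_token-legacy' => 'abc123'];
$legacyOnly = ['session_token-legacy' => 'abc123'];
$none       = [];

var_dump(read_cookie($modern, 'session_token'));     // both cookies present
var_dump(read_cookie($legacyOnly, 'session_token')); // only the legacy cookie arrived
var_dump(read_cookie($none, 'session_token'));       // neither: treat as no session
```

Both cookies carry the same value, so any server-side invalidation has to expire both names together.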

Zubair Mohsin Author

Thank you Rowan for your input on this issue 🙏🏼