London Dev Meetup Rescheduled! Due to unavoidable reasons, the event has been moved to 21st May. Speakers remain the same—any changes will be communicated. Seats are limited—register here to secure your spot!

K Khan
Feb 3, 2020
  2846
(3 votes)

Will your site be effected in Chrome 80

Chrome 80 will treat cookies as SameSite=Lax by default if no SameSite attribute is specified and will reject insecure SameSite=None cookies.

Out of the box EPi Server's CMS website functionality isn't effected, but it might be effecting other areas of your website. e.g.

your integrations with Identity Providers using protocols such as SAML 2.0 or OpenID Connect or  analytics cookies that your web application creating as a third-party cookie or any feature depending on third party dependent cookies or if you are querying APIs from a third-party domain. 

References:

Google announced it would end support for third-party cookies in Chrome by 2022

Feb 03, 2020

Comments

Vincent
Vincent Feb 3, 2020 10:56 PM

Thank you for sharing this. 

According to MS doc, it's worth to note some forms of authentication e.g. OIDC and WS-Federation are not affected due to the differences in the how request flows (e.g. post based redirect). However applications use iframe got a lot of impact. 

K Khan
K Khan Feb 4, 2020 08:37 PM

@ Vincent, thanks for your input.

Vincent
Vincent Feb 4, 2020 11:45 PM

Furthermore, my colleague and I tested Episerver OOTB functionality by explicitly enabling samesite cookie settings in Chrome, both Commerce manager and personalization portal login stopped working. 

K Khan
K Khan Feb 5, 2020 11:56 AM

For, out of the box, can we assume it's the same as QuickSilver? in this case, this might affect more clients.

K Khan
K Khan Feb 6, 2020 10:10 PM

need to report I think, A cookie associated with a cross-site resource at https://dl.episerver.net/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Please login to comment.
Latest blogs
Developer Meetup - London, 21st May 2025

The London Dev Meetup has been rescheduled for Wednesday, 21st May and will be Candyspace 's first Optimizely Developer Meetup, and the first one...

Gavin_M | Apr 22, 2025

Frontend hosting for PaaS & SaaS CMS

Just announced on the DXP, we FINALLY have a front end hosting solution coming as part of the DXP for modern decoupled solutions in both the PaaS a...

Scott Reed | Apr 22, 2025

Routing to a page in SaaS CMS

More early findings from using a SaaS CMS instance; setting up Graph queries that works for both visitor pageviews and editor previews.

Johan Kronberg | Apr 14, 2025 |

Developer Meetup - London, 24th April 2025

Next Thursday, 24th April will be Candyspace 's first Optimizely Developer Meetup, and the first one held in London this year! We've have some...

Gavin_M | Apr 14, 2025