DEV Community

Russell R.
Russell R.

Posted on

SameSite Cookie Header and Google Login

I was recently experimenting with Login with Google for my own websites I develop, and came across this error (and change in the way Chrome handles cookies):

https://github.com/google/google-api-javascript-client/issues/561

From what I gather, soon Chrome will no longer accept cookies without this SameSite header. However, unless you disable this (via chrome://flags) in Chrome, right now, Login with Google doesn't seem to work.

So, is Chrome configured by default to block cookies without that header, and Google's "Login with Google" API isn't sending them with this header? Is that correct? If so, what do developers need to do, if anything, or is this something only Google needs to change?

Thanks. Been wondering about this for a few days now, and it's not 100% clear what's going on.

Discussion (0)