Chrome 80+ appears to block cookie and not display forms on company site

Chrome 80+ appears to block cookie and not display forms on company site

I tried looking through the support but did not find an exact answer in regards to forms being hosted on company site, i.e. not a Marketo landing page.

I am using Chrome Canary 81.0.4020.0 and see the warning message:

A cookie associated with a cross-site resource at <URL> was set without the `SameSite` attribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set with `SameSite=None` and `Secure`.

It also references Cookies default to SameSite=Lax - Chrome Platform Status and Reject insecure SameSite=None cookies - Chrome Platform Status

The actual error that is concerning is attached below and appears to be an authentication error for forms2.min.js

pastedImage_2.png

Everything is working as intended on FF, Safari, and Chrome 79.0.3945.88 and so I just want to be prepared if this issue is associated with cookies or something more serious.

Thanks

9 REPLIES 9
Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

Pls remove attachments and paste inline. Not all users can see attachments.

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

Edited to paste inline, thanks

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

The problem is not confined to Marketo (and it doesn't have to do with the blocked cookie, that's a different matter -- a concern in its own right, but different).

The problem is that CloudFlare may throw 403 errors when Chrome 80+ is used -- and that's any site that uses CloudFlare's proxy service, not just Marketo.

For example (you may not find this reassuring, but you should) this is the console output when I load my CodePen CSS styles (which have nothing to do with Marketo) from a CodePen page that also hosts a Marketo form:

pastedImage_1.png

Don't get me wrong, CloudFlare is a janky choice for a site like Marketo that doesn't allow separate developer access, but millions of sites use it. 

As for a solution, I have something in mind, but it's going to be pretty crazy. You may want to wait to see if Chrome and CloudFlare can work out their differences before release.

Highlighted
Level 1

Re: Chrome 80+ appears to block cookie and not display forms on company site

I'm getting this 403 error on all my browsers for my page not just Chrome. Any idea what's going on with it? I am also hosted through CloudFlare so maybe that's the issue but I'm not sure how to go about fixing that if that is the problem. The page I'm having trouble with is https://lp.seamless.com/corporate-uk/icaew/

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

Are you getting the 403 error for your entire page, or for the Marketo forms-related assets only?

 

If it's your entire page, and as you said that whole page is behind CloudFlare, I'd be talking to whoever manages your CF account ASAP.

 

 

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

I'm also running into this in Chrome beta (80.0.x), while fine in other browsers. Forms not loading, and if I try accessing that forms2.min.js url directly, I get challenged with a CloudFlare captcha.

Makes me wonder how many others are getting bitten by this, and not realising... Interested to hear about your solution, Sanford!

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

Our org began noticing this form fill issue on 1/6. After a full day of troubleshooting we thought we had a workaround in place as form fills data began to flow into Marketo but we are once again having issues today.

Highlighted
Level 1

Re: Chrome 80+ appears to block cookie and not display forms on company site

what if you are using http on mkto landing pages. Will forms display? Or do we need to amend the code? Or do we need to do nothing?

Highlighted

Re: Chrome 80+ appears to block cookie and not display forms on company site

Not sure which set of symptoms you're referring to.

 

CloudFlare-related 403s are unrelated to http: vs https:.

 

SameSite/secure-related problems mandate that you load your Marketo LPs over SSL.