SOLVED

New chrome warning about Marketo cookie SameSite and Secure attributes

Go to solution
Level 1

New chrome warning about Marketo cookie SameSite and Secure attributes

Hi,

I have the Marketo munchkin cookie, as well as Marketo form embeds, installed on my website. I have been noticing this console warning for a while in Chrome regarding its new cookie policy regarding only delivering secure cookies on any website that uses a Marketo form/mkto_trk cookie:

A cookie associated with a cross-site resource at https://app-sjf.marketo.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Since this warning is only applicable to third party cookies, are there any fixes for this planned on the Marketo side?

Thank you.

chrome_warnings.png

cc: Sanford Whiteman

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's harmless -- bringing Chrome in line with what Safari has done for a long time.

View solution in original post

8 REPLIES 8
Highlighted

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's harmless -- bringing Chrome in line with what Safari has done for a long time.

View solution in original post

Highlighted
Level 1

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Got it. Thanks for the quick reply Sanford.

Just wanted to confirm and be pro-active about this, to not cause any interruptions in Marketo tracking once this version goes live and wanted to make sure that there's nothing to be fixed/done from either the Website's or Marketo's end.

Highlighted
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Hi Sanford,

I have the same issue for our Marketo Landing page. To solve this we need to add 

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

Found this in javascript - SameSite warning Chrome 77 - Stack Overflow 

Can you please let me know where I need to put this in Marketo?

Thank you,

Vipin

Highlighted

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

There's no equivalent. The Munchkin cookie can't be HttpOnly.

Highlighted
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

If the Marketo cookies are missing an attribute required by Chrome, doesn't that mean once the future Chrome release is out the cookies will NOT be delivered? Shouldn't Marketo add in the samesite attribute to avoid blocking the cookie if Chrome states it is required?

Highlighted

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's not simple like that, see my responses at  

Highlighted
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Do I have insecure pages on my site? I don't see a solution in that thread.

Highlighted

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

The point I made there is that a minority of Marketo LP domains are secure, so it's not possible to mark the cookies as secure.