SOLVED

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Go to solution
Muhammad_Ali
Level 1

New chrome warning about Marketo cookie SameSite and Secure attributes

Hi,

I have the Marketo munchkin cookie, as well as Marketo form embeds, installed on my website. I have been noticing this console warning for a while in Chrome regarding its new cookie policy regarding only delivering secure cookies on any website that uses a Marketo form/mkto_trk cookie:

A cookie associated with a cross-site resource at https://app-sjf.marketo.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Since this warning is only applicable to third party cookies, are there any fixes for this planned on the Marketo side?

Thank you.

chrome_warnings.png

cc: Sanford Whiteman

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's harmless -- bringing Chrome in line with what Safari has done for a long time.

View solution in original post

9 REPLIES 9
SanfordWhiteman
Level 10 - Community Moderator

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's harmless -- bringing Chrome in line with what Safari has done for a long time.

Muhammad_Ali
Level 1

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Got it. Thanks for the quick reply Sanford.

Just wanted to confirm and be pro-active about this, to not cause any interruptions in Marketo tracking once this version goes live and wanted to make sure that there's nothing to be fixed/done from either the Website's or Marketo's end.

Vipin_Mp
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Hi Sanford,

I have the same issue for our Marketo Landing page. To solve this we need to add 

response.setHeader("Set-Cookie", "HttpOnly;Secure;SameSite=Strict");

Found this in javascript - SameSite warning Chrome 77 - Stack Overflow 

Can you please let me know where I need to put this in Marketo?

Thank you,

Vipin

SanfordWhiteman
Level 10 - Community Moderator

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

There's no equivalent. The Munchkin cookie can't be HttpOnly.

Joe_Barrett
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

If the Marketo cookies are missing an attribute required by Chrome, doesn't that mean once the future Chrome release is out the cookies will NOT be delivered? Shouldn't Marketo add in the samesite attribute to avoid blocking the cookie if Chrome states it is required?

SanfordWhiteman
Level 10 - Community Moderator

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

It's not simple like that, see my responses at  

Joe_Barrett
Level 2

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

Do I have insecure pages on my site? I don't see a solution in that thread.

SanfordWhiteman
Level 10 - Community Moderator

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

The point I made there is that a minority of Marketo LP domains are secure, so it's not possible to mark the cookies as secure.

NestoJosa
Level 3

Re: New chrome warning about Marketo cookie SameSite and Secure attributes

For Future Googlers

 

The missing link at the end of @SanfordWhiteman comment ("It's not simple like that, see my responses at") is the following:

 

https://nation.marketo.com/t5/ideas/update-marketo-cookie-setting-to-not-break-in-chrome-80/idi-p/26...

 

You can see it for yourself via the browser inspector: there is an empty <a> tag.