FR : Fix chrome cookies warning (SameSite attribute)
#2284
Comments
|
The Auth SDK does not set any cookies. Please provide actual details on the source of this issue. This unlikely to be from our library. However, we do pull in other external dependencies. If you can help pinpoint that, we could route you to the right owners to fix this. |
|
A cookie associated with a cross-site resource at http://cloudflare.com/ was set without the This is warning for a firebase project |
|
Hey @deka. We need more information to resolve this issue but there hasn't been an update in 7 days. I'm marking the issue as stale and if there are no new updates in the next 3 days I will close it automatically. If you have more information that will help us get to the bottom of this, just add a comment! |
|
Please, see steps to reproduce.
Can you confirm ? Perhaps, firebase.auth need new configuration param to set |
|
Have been experiencing the same for several weeks. |
|
As @bojeil-google said, we don't set any cookies. It's the google sign-in page who set the cookie. |
|
From my understanding we can ignore this warnings. |
|
I'm experiencing the same issue. Is there a solution to this? In my app, I use the Auth to login using two methods:
The method But the No code changes have been made to the app's login procedures and worked perfectly in the past. It appears that changes have been made to the Auth SDK.
|
|
@sergekrstic did you figure out a workaround? This completely breaks |
|
@sergekrstic Are you using Kaspersky ? |
|
This warning shouldn't break |
|
Hey @pitw, thanks for giving me some ideas to explore. They led me to find the cause and a solution. These type of issues, with cryptic error messages, can be frustrating. They are also tricky for the maintainers to provide helpful advice. So here's what I did.
Is there a way for the Anyhow, I hope this helps. |
|
Just to clarify, the warning message still appears in the close log, however, with my fix, I’m now able to log in using ‘signInWithPopup’ |
|
I experience the same. |
|
I have the same problem. That message appears 37 times(1 per each google service or subdomain) every time I want to login with google. |
|
I am seeing this warning in Brave Browser too. |
|
I am also running into this issue: Environment: I am still able to sign in but I get the console warning. A cookie associated with a cross-site resource at https://google.com/ was set without the |
|
I'm having the same issue. Disabling React Developer Tools plugin fixes the issue for me. I have no clue why. |
|
I'm having this issue when I attach vscode to chrome for debug on windows. I also get the following popup on login and then fb auth throws an exception: Works fine on localhost without vscode attach. |
|
Hi same issue here. We are paying for the platform (firebase) this is not a "free" project AFAIK. Please provide a confirmation of the issue from Firebase Google that is all we ask. @wti806 and other contributors here. This is business critical. |
|
Had same issue, here to make enable : hope help you. |
|
Same issue using It's possible to auth from the popup script but this is less desired and regardless the content script does not receive an auth change event from singing in, so it seems unworkable for a content script anyway. I also tried auth exactly as prescribed here in the popup but still no event in the content script - https://github.com/firebase/quickstart-js/tree/master/auth/chromextension I raised a SO about this here: https://stackoverflow.com/questions/60903867/firebase-with-chrome-extension-not-receiving-onauthstatechange-event-in-conten |
|
I just found that firebase auth is not working on our site when same site cookie is enforced. |
|
This worries me. I hope you guys at Firebase talk to other Google teams and are not waiting for the authentication to be broken to fix this. It's been 6 months. A confirmation that it's ok would be nice. In my case the cookies were set by
|
|
Please fix!! this is a game-breaking bug! |
|
Any fixes, users can't login to our sites. This is a P0. |
|
This is causing issues on my site. Please resolve. |
|
Hello all. I hope I speak everyone's thoughts here. :) My Chrome updates are a little delayed, so I have only just had this issue. Google, you own Chrome. You know perfectly well what Chrome's plans are. Yet you still don't do anything about these issues. |
|
Hi! @bojeil-google and others. Sorry to say but : Really are we reaching this point that we consumers that pay for firebase actually have to "beg" for attention ? |
|
Hi again here. As of today we have about 5% of our users (2K MAU) that experience this issue with chrome and windows. They simply cannot login, and we are just implementing loginwithredirect or windowpopup but both are not working. At least some advice to mitigate the issue would be great. |
|
According to the news: April 2020 - Google delays samesite cookie origin requirement July 2020 - Google slowly rolls out the samesite cookie requirement |
|
Same here, anyone has a solution for this issue ? |
I have the exactly same behaviour. |
|
I had the same problem, the errors indicated to me that something was wrong with cookies like all of you, since my project is only for testing, delete my project and create another and the same errors jumped at me, but one more, I said that I did not have enabled that domain, then I enabled it in firebase and now it works even though it still shows me the cookie warnings |
|
same here |
|
This continues to be an issue |
|
Also having this issue where I'm trying to use google popup login for auth |
|
Hi There, I am also facing the same issue while using popup with google auth. |
|
Have the same problem |
|
I posted a similar screen shot that Louisameline shows above to Firebase Support explaining same issue and got this as a response: If you have any Firebase-specific questions or concerns, feel free to reach out to us. Thank you for your understanding," Not much help or concern. I used to have great respect for the way Google does things, that's why I chose firebase over aws or azure regimes. This issue, I fear, will cause a lot of pain for a lot of people at a time we all need to get remote systems working. |
|
Hi folks, There are two things at play here. The warnings that you are seeing in the console when signing in with Google are not necessarily problematic (these warnings are what this issue originally asked about). The warnings are unrelated to Firebase and they should not impact anyone’s ability to sign in. Separately, there is another issue that is currently affecting Chrome Incognito / Chrome with the setting "Block Third-Party Cookies." This is unrelated to the warnings you see in Google sign in and has to do with Chrome’s enforcement of the third-party cookie policy and the way that we handle the login flow. This issue is likely the cause of users being unable to sign in and we are working on it right now. Please see this comment for more details. That bug is unrelated to the warning messages you see in the developer console during Google sign in. I'm closing this out—this feature request for removing the warnings from Google sign in is outside our purview. There is a related issue in google/google-api-javascript-client#561 that you can follow. For folks who are unable to login due to third-party cookie errors, we are tracking the issue in #3004. Thanks |
Hello, Great to know Chrome is working on it. However I think you may have misunderstood 'this comment'. This was a workaround to be able to login. Login was not working before enabling these flags. Sorry if I have misunderstood. It's about time we found out what was happening. So thank you for that :) |
|
Ah yes, sorry it was a misunderstanding on my part. Thanks for pointing this out! I've edited my comment. I was unable to reproduce the issue by forcing those flags off, but regardless I still think the login issues are due to #3004. |
|
Disabling 'sameSite' feature on chrome://flags didn't help this. I'll share that like recommended, I used Google API to sign in and it worked for me. I haven't used credentials to sign in to firebase yet, but that's simple. Just a reminder that Vuejs has public/index.html, so we can actually use the pure html/javascript that Google API uses. I spent a lot of time trying to find nodejs alternative while ignoring third-parties. |
|
I have issues in google crome |
|
Any update? |
and others
[REQUIRED] Describe your environment
[REQUIRED] Describe the problem
Warning with cookies :
Steps to reproduce:
The text was updated successfully, but these errors were encountered: