Samesite Cookie & Header Warnings

[9mido]

Not sure if this matters for newer versions of Chrome but for older Chrome versions this warning shows:

A cookie associated with a cross-site resource at was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at and .

Provisional headers are shown

Can someone verify if anything needs to be done with either this app, nginx/apache, middleware, or django settings to get these warnings to go away?

[JoelEdem]

You need to enable https on your application. The development server does not support https so you'll have to do that when you set up your production server.
then set
SESSION_COOKIE_SAMESITE = None
LANGUAGE_COOKIE_SAMESITE = None
CSRF_COOKIE_SAMESITE = None
SESSION_COOKIE_SECURE = True
LANGUAGE_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True

you can find documentation about the alternate values for samesite here:
https://docs.djangoproject.com/en/3.0/ref/settings/#session-cookie-secure

[9mido]

Good to know. Thanks!

[iann838]

@JoelEdem Hi, I enabled https on my app, and set all those settings in the settings.py, in production it is still prompting the same warning for samesite. Any alternative fix for that ?