Setting 'SameSite' Cookie in Mautic

Hi guys,

I have been having some trouble with my Mautic opt-in lately. Once you enter your credentials and press Submit, the pop-up is not disappearing and I am getting the below error (well, I am getting 3: one for the www version of the domain, one for the non-www version and one for the Mautic mail.website version).

A cookie associated with a cross-site resource at http://www.site.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

I am looking to set the SameSite and Secure attributes but am a little unsure how to set this.

Am I correct in thinking that I need to set this in my file manager under /wp-content/plugins/wp-mautic/wpmautic.php, using Set-Cookie: <cookie-name>=<cookie-value>; SameSite=Strict?

Any help would be really appreciated!

Sorry if this is a little unclear, I am still trying to wrap my head around it all!
 
Are you using the HTTPS version of your website? I suspect the problem is the "secure" part since "secure" can only be over https.

As well, Mautic should be somewhat aware of this, or made aware, so they can do an update for users. Googling some of this, there seems to be almost no chatter.

Side note: Apparently using samesite: lax or samesite: strict, will prevent cookies from being sent with each image load, that essentially means pageloads are going to be a lot faster as a result. Nice benefit, I suspect that pingdom.com will pick this up since it's essentially the same thing as "serve static content from non-cookie domains".

So far this is the easiest to understand for this SameSite situation: Using the Same-Site Cookie Attribute to Prevent CSRF Attacks
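The rule in the quoted Chrome warning and the HTTPS point raised in the reply can be checked against a site's Set-Cookie headers. The following is an added example, not part of either post and not code from Mautic or the wp-mautic plugin; the cookie name `tracking_id` and the sample headers are constructed.

```python
# Added example: classify Set-Cookie headers by how Chrome treats them on
# cross-site subrequests (iframe, image, XHR), per the warning quoted above.
# Cookie names and values are constructed for illustration.

def parse_set_cookie(header):
    """Return (cookie_name, attrs) for one Set-Cookie header value."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def cross_site_verdict(header, scheme="https"):
    """Return (cookie_name, verdict) for a cookie set by a response over `scheme`."""
    name, attrs = parse_set_cookie(header)
    samesite = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    # Secure only works over HTTPS: the cookie is dropped on a plain-HTTP response.
    if secure and scheme != "https":
        return name, "rejected: Secure cookie set over plain HTTP"
    if samesite == "none":
        if secure:
            return name, "ok: delivered with cross-site requests"
        return name, "rejected: SameSite=None without Secure"
    if samesite in ("lax", "strict"):
        return name, "withheld: SameSite=%s blocks cross-site subrequests" % samesite.capitalize()
    return name, "warned: no SameSite attribute, not delivered cross-site in future Chrome"


SAMPLE_HEADERS = [  # constructed sample input
    "tracking_id=abc123; Path=/",
    "tracking_id=abc123; Path=/; SameSite=Strict",
    "tracking_id=abc123; Path=/; SameSite=None",
    "tracking_id=abc123; Path=/; SameSite=None; Secure",
]


def audit(headers, scheme="https"):
    """Run cross_site_verdict over a list of Set-Cookie header values."""
    return [cross_site_verdict(h, scheme) for h in headers]


if __name__ == "__main__":
    for name, verdict in audit(SAMPLE_HEADERS):
        print(name, "->", verdict)
```

Only the last sample header is delivered in a cross-site context, and only when the page itself is served over HTTPS.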