Chrome has started enforcing a new rule concerning cookies and the following message can be seen at this time in Canary:
A cookie associated with a cross-site resource at http://social.uploadcare.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at Chrome Platform Status and Chrome Platform Status.
It looks like this will move to the stable version of Chrome 80 in about a week. Does Uploadcare have plans to update how this cookie is set so that Chrome won’t start blocking it?
As soon as I select one of the Social tabs in the widget I see the warning, though I did do a hard refresh and now the domain that is in the message is ours instead of “http://social.uploadcare.com”. We aren’t storing any cookies directly, all of them are 3rd party cookies. After the uploadcare widget initializes but before I click on any of the social tabs this is what we have:
After I click on any of the social tabs (we are using Google Photos, Instagram and Facebook) I see this:
Along with the warning. Our site is a white label site so we have a lot of domains with different 3rd party analytics on different domains. It looks like this one has a Facebook Pixel (_fbp) and it gets added into the “https://social.uploadcare.com” cookies. We have another one that is not using a Facebook Pixel and we’re not getting the warning. So perhaps it’s not really uploadcare’s cookie that’s the problem but rather the Facebook Pixel that for some reason gets copied over.
