1

I am working on a fix for new third party cookie rules by google for chrome. Let's assume my website(say X) is iframed by some client's website (say Y). X uses google analytics and it sets some cookies (_ga etc). I have fixed X to make compatible with chrome>=80 in third party mode for Y but not able to test as cookies set by Google analytics js are rejected for X because they are set without samesite & secure flags.

My question is, Is there something I need to fix in my code for it OR as I fixed X for client Y, I should expect same from them. Thanks.

2 Answers2

0

Where these cookies are associated with an Analytics domain, then it's Analytics that's responsible for updating their code to correctly set the SameSite attribute. Google Analytics should be on course to update their code before Chrome 80 goes stable in February.

rowan_m
  • 2,893
  • 15
  • 18
0

I found raik's answer at [https://stackoverflow.com/questions/9094026/secure-google-tracking-cookies][1] very useful. It set secure and samesite to a value.

ga('create', 'UA-XXXXX-Y', {
    cookieFlags: 'max-age=7200;secure;samesite=none'
});
Erik Melkersson
  • 899
  • 8
  • 19