As of 4/3/20, Google has rolled back the SameSite changes: '...in light of the extraordinary global circumstances due to COVID-19, we are temporarily rolling back the enforcement of SameSite cookie labeling, starting today. While most of the web ecosystem was prepared for this change, we want to ensure stability for websites providing essential services including banking, online groceries, government services and healthcare that facilitate our daily life during this time. As we roll back enforcement, organizations, users and sites should see no disruption.' They are planning to re-roll out the changes sometime this summer. You can follow the updates on the Chromium Blog.
If so, you’ll want to be aware of changes coming beginning with Google Chrome v80, coming 02/04/20. Firefox currently has them available to test and will be making them default in the near future.
- As of v80, Google Chrome will change the default behavior to the SameSite attribute:
- Cookies without a SameSite attribute will be treated as SameSite=Lax.
- Cookies with SameSite=None must also specify Secure.
So why are we sharing this? Because some of our clients have need for a website front-end integration on their Quick Base realms. Our clients are continuously pushing the boundaries of what Quick Base can do, so it could be something we haven't heard of yet!
You’re now probably asking ‘do I need to worry about this?’ and the answer is, if you do not have an integration with Quick Base where you have designated cookies, then it’s likely you do not. If you have utilized a QSP, be assured we’ve shared this coming change with them, but feel free to follow up with your contact there to ensure uninterrupted service. You can rest assured we’re doing our part to make sure Quick Base continues to provide a consistent experience in modern browsers.
Click here for more information from the Chromium Blog.
Click here for an explanation of SameSite cookies.
Click here for more information on the IETF proposal for these changes.
Click here for more information on defining cookies and set-cookie header fields.