Calling a bot from a different domain will stop working in early 2020 (due to Chrome update): setting the SameSite attribute

I’ve deployed a bot server which will display bots to different web pages within a different domain. However Chrome is advising that the SameSite attribute should be set to none,secure in order for this to continue working in early 2020.

There are further details about this here.

Is there an easy way to set the SameSite attribute for the cookie(s) that Botpress sets, or is an update required? I suspect this could become an issue for a number of people in early 2020 when Chrome enforces SameSite=Lax, so worth dealing with ASAP?




Hi @Oliver_Spencer, we will definitely have a look to make sure everything works smoothly with the new rules. It will probably require an update, but i’ll let you know if there is a workaround

Thanks for the update @allardy.

Hello !

Do you have any news about this warning ?
Chrome 80 is already out and it’s still a warning :+1: but i dont think it will last :grin:

Just a hint, it seems to be gradually rolled out, starting February 17, 2020.