






















The Chrome version 80 SameSite cookie update is part of Google’s continuous efforts to improve privacy control and security across the web. This article provides a high-level overview of the update, as well as how Dynamic Yield has adjusted its cookie settings according to the new requirements.
In May 2019, Google announced it was changing the way its Chrome browser handles cookies. In an attempt to improve privacy and security across the web, gradual rollout of the new model began in February of 2020. Since then, many are still wondering what the update actually means and whether or not their personalization efforts will be impacted.
So let’s dig in a little deeper, putting some of the concerns associated with the release to rest.
First, a quick lesson on first- and third-party cookies to help create a little context for those who don’t typically tango with developer lingo, thanks to our friends at Google:
Cookies are small pieces of text data, that a site sends in its response. Your browser then stores these and sends them back to the associated site on eligible requests. If the site in your browser matches the site in the request, then that’s what’s referred to as a SameSite request, or a first-party cookie.
Conversely, if the site in your browser does not match the site in your request, then you’ve got a cross-site or third-party cookie. The same cookie may be sent in both of these scenarios. So first, or third-party is about the context of the request, not a specific property of the cookie.
Quick Reference: Cookie Terminology | |
Cookie | Small pieces of text data sent from a site and stored by the browser. |
Request | What is sent from the client to the server (what the browser provides). |
Response | The cookies that you want to place in the browser. |
First-party data | The site in your browser matches the site in the request (a SameSite request). |
Third-party data | Requests for resources that are pulled from a different site. |
In enforcing its “secure-by-default” cookie classification system, Chrome has started restricting access to only first-party cookies, or SameSite requests, unless otherwise specified. With the default browser setting now operating under the assumption that all cookies should be protected from external access, developers need to begin explicitly marking cookies for third-party access.
The updated cookie settings, which specifies when and how to fire cookies in first- or third-party situations, are reflected in the following SameSite attributes:
But despite the options available, cookie management has largely gone underutilized by developers, motivating Chrome to take matters into its own hands. In doing so, the updated browser settings will prevent a number of unnecessary threats, including those such as Cross-Site Request Forgery (CSRF) attacks.
A good explanation about SameSite cookies can be found here.
To recap, Google has changed the default from None to Lax when a cookie does not specify a SameSite value. From now on, new or existing cross-site cookies without the Secure attribute as well as proper labeling for cross-site cookies, will be unusable on Chrome 80 and above.
As of February 2nd, 2020, Dynamic Yield is fully compatible with the Chrome 80 SameSite. All of our servers have been updated to set the appropriate cookie attributes, and because they are correctly labeled as SameSite=None; Secure, the browser should not take any action to block these cookies.
With Dynamic Yield’s complete compliance, the Chrome 80 SameSite cookie change does not affect our customers and there is no action necessary on your end to continue using our personalization platform safely and securely.
Dynamic Yield promotes consumer privacy and we will continue to update our own solutions to ensure brands can accurately track important web activity while abiding by the many new browser privacy policies put forth by the likes of Chrome, Apple (we’re already compatible with ITP), and others.
For any additional questions, please contact your Customer Success Manager.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。