Twitter | Search | |
Simo Ahava
PSA: The upcoming enforcement in Google Chrome v80 (Feb 4) *can* impact your first-party analytics trackers. If you load content from a cross-site host in an iframe, any JS cookies being accessed within that iframe would need SameSite=None;Secure settings.
Reply Retweet Like More
Simo Ahava Jan 31
Replying to @googleanalytics
This applies to a common scenario where the site loads a third-party booking flow or shopping cart in an iframe, and tries to do cross-domain tracking with e.g. the _ga cookie. Without SameSite=None;Secure that cookie can’t be accessed and tracking won’t work.
Reply Retweet Like
Simo Ahava Jan 31
Replying to @SimoAhava
Solution is to petition your analytics vendors to make the SameSite and Secure flags configurable when the tracking cookie is created. I’ve given feedback to Google about this. For Safari, you’ll need the Storage Access API.
Reply Retweet Like
Dana DiTomaso Jan 31
Replying to @SimoAhava
Would this affect iframe decoration that you talk about in this article?
Reply Retweet Like
Simo Ahava Jan 31
Replying to @danaditomaso
It would! Without being able to set the cookie in the iframe to SameSite=None the cookie would not get set. It might work on the first page but if the user navigates in the iframe a new client ID would be generated.
Reply Retweet Like