|
@
SimoAhava
Espoo, Finland
|
|
Husband | Father | Blogger | Keynote speaker | Partner, Co-founder @8_bit_sheep | Google Developer Expert | CookieStatus.com
|
|
|
8.612
Tweetovi
|
491
Pratim
|
17.104
Osobe koje vas prate
|
| Tweetovi |
|
Simo Ahava
@SimoAhava
|
1 h |
|
ITP doesn’t block anything - it just prevents the cookie being set. But if GA can’t set the cookie, it probably aborts the hit.
With a cookieless solution, *always* need to set “storage” field to “none”.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1 h |
|
I mean, there’s no issues with ITP or anything else if you’re just sending stuff via postMessage to the iframe page and then picking up those parameters and sending them to GA.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1 h |
|
Many ways to skin the cat. You could just as well send the hits from the iframe, as then you wouldn’t have to rewrite document location / path etc. A cookieless solution is best all things considered. Downside is that if user visits iframe page directly they’ll be a new user.
|
||
|
|
||
| Simo Ahava proslijedio/la je tweet | ||
|
Google Webmasters
@googlewmc
|
13 h |
|
We had an issue with the GTM verification method in Search Console, but it should be solved by now. You might need to re-verify. More details on how to verify at support.google.com/webmasters/ans…
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
17 h |
|
That would work of course as would other manual workarounds, too :) G should update the SDKs to support cookieSameSite and cookieSecure fields in the tracker!
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
22 h |
|
Also, I think that Edge just warns about that if the site sends a network request to a classified domain, even if no storage is accessed?
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
23 h |
|
I think occasionally the GA endpoint drops a cookie on google-analytics.com (maybe with the DoubleClick redirect?), which would be blocked as GA is in the “Tracker” lists.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
3. velj |
|
David, this is almost five years old :)
|
||
|
|
||
| Simo Ahava proslijedio/la je tweet | ||
|
ℨ𝔞𝔠𝔥 𝔈𝔡𝔴𝔞𝔯𝔡𝔰
@thezedwards
|
1. velj |
|
Google only puts SameSIte updates & release dates here (chromium.org/updates/same-s…), and this Friday evening they quietly pushed the release date to February 17th and then pretended like they weren't saying February 4th for months. // maybe a changelog here? more transparent edits? pic.twitter.com/x73dhaRqi2
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1. velj |
|
Wikipedia got my back! pic.twitter.com/v08oUJ2KZi
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1. velj |
|
Haha yeah, well, maybe Google will announce they meant Feb 17, 2021 all along.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1. velj |
|
Yeah, it’s really fragile. Safari requires / will require Storage Access API, Chromium browsers SameSite changes, nothing on Brave...
A stateless solution with window.postMessage polling on every page would prob. be best. Will write a new guide!
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1. velj |
|
Chrome has said that the SameSite changes will be enforced on the week starting Feb 17, and initially only to a subset of users. twitter.com/simoahava/stat…
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
1. velj |
|
No official announcements because it wasn’t an official announcement. Video will come later if the speakers agree it’s ok to release.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
I’d like to respond with something clever but I feel like it can and will be used against me in all future dinners with you and your team
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
It would! Without being able to set the cookie in the iframe to SameSite=None the cookie would not get set. It might work on the first page but if the user navigates in the iframe a new client ID would be generated.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
:D it was good seeing you briefly - too bad we didn’t get a chance to chat proper! Next time, then.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
Solution is to petition your analytics vendors to make the SameSite and Secure flags configurable when the tracking cookie is created. I’ve given feedback to Google about this.
For Safari, you’ll need the Storage Access API.
web.dev/samesite-cooki…
developer.mozilla.org/en-US/docs/Web…
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
This applies to a common scenario where the site loads a third-party booking flow or shopping cart in an iframe, and tries to do cross-domain tracking with e.g. the @GoogleAnalytics _ga cookie.
Without SameSite=None;Secure that cookie can’t be accessed and tracking won’t work.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
31. sij |
|
|
||