Chrome version 80 is set to ship in February 2020. With this release there are some new cookie security features coming that will force Chrome clients to enforce a SameSite check policy. Right now, this policy would break all the functionality of issue collectors that appear on separate domains.
If the issue collector could set the SameSite=None in the cookie it appears that it could at least allow the issue collectors to work on different sites.
- Inside a Chrome browser, go to address of chrome://flags and find entry called 'SameSite by default cookies' change this from default to Enabled (this feature is expected to ship in official Chrome 80 version on by default, hence this is something we should look to support, even if this specific version is not yet officially supported).
- Then in my Jira Cloud site, I created a new issue collector
Issue collector works as expected.
Issue collector does not work. When the user click the expand button, they are presented with an error asking them to enable 3rd party cookies
The browser console log has an info message of
This feature can be enabled on most modern versions of Chrome such as 79.0.3945.117 (my current version) and also within Canary versions such as Version 81.0.4029.0 (Official Build) canary (64-bit).
The expectation though is that Chrome will implement this feature as on by default when a stable version of v80 is released. https://blog.chromium.org/2019/10/developers-get-ready-for-new.html explains this further.
Mozilla has affirmed their support of the new cookie classification model with their intent to implement the SameSite=None; Secure requirements for cross-site cookies in Firefox. Microsoft recently announced plans to begin implementing the model starting as an experiment in Microsoft Edge 80.
XSRF token check was disabled for this API:
You don’t have to enable 3rd party cookies to make the issue collector work. We’ve removed this requirement, also dropping some error messages that reminded about it.
- In Chrome you could go to chrome://flags
- Find the entry for 'SameSite by default cookies'
- Set this to Disabled
- Relaunch Chrome