FAQ: Are ArcGIS products prepared for the Chrome cross-site cookie update?
Question
Are ArcGIS products prepared for the Chrome cross-site cookie update?
Answer
When loading a website, the following message may be seen in the Chrome Developer Tools console tab:
"A cookie associated with a cross-site resource at <Website> was set without the 'SameSite' attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with 'SameSite=None' and 'Secure'. You can review cookies in developer tools under Application>Storage>Cookies..."
ArcGIS products are prepared for this change.
The Chrome update only affects scenarios where ArcGIS web applications are embedded in an application that is deployed on a non-arcgis.com domain. This is a common workflow with Hub site applications, and cookies relevant to this workflow were addressed in the December 2019 ArcGIS Online update.
Related Information
- Chrome Platform Status: Cookies default to SameSite=Lax
- Chrome Platform Status: Reject insecure SameSite=None cookies
- Web.dev: SameSite cookies explained
Last Published: 11/19/2020
Article ID: 000022568