SameSite Cookie via .htaccess file

Shopify Expert

I'm dropping this here as a nice little tweak you can make to your app if you need to quickly/easily comply with Chrome's "SameSite=None; Secure" requirement. If your app has an .htaccess file, it can actually handle cookie manipulation with a RegEx. This single line allowed me to get this requirement met in my app and go about the rest of my week :)

 

Header always edit Set-Cookie (.*) "$1; SameSite=None; Secure"

 

Hope this helps. Take care all.

2 Likes
Shopify Partner

I came here to post the same tip :) but you pipped me to it. Thanks Jon.

I wrote a small blogpost with some extra details

https://grailslog.wordpress.com/2020/01/23/setting-the-samesite-attribute-on-the-jsessionid-cookie-f...

 

1 Like
Shopify Partner

Hi,
What about incompatible clients? Here is the list: https://www.chromium.org/updates/same-site/incompatible-clients
How to deal with that in the .htaccess file?
Thanks

If helpful then please Like and Accept Solution.
Email: suhagiyajivan1992@gmail.com
Skype: jivan.suhagiya
Give a try to Shopify APP: https://apps.shopify.com/short-track
0 Likes
Shopify Partner

Yeah, this works, but breaks on Safari...

 

Try this code in htaccess to fix:

 

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>

 

1 Like
Shopify Partner

Code above wasn't working on my version of Safari on 10.14, so I tweaked the regex to exclude all Safari, and now it works.

Doesn't add SameSite to Safari and some other incompatible browsers, but adds to Chrome

 

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\/.* Safari\/)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>

 

0 Likes
Shopify Partner

Hi @Jason27
Great help!
I tried the code you provided in my .htaccess file. When I put in the second code, it breaks and returns an error (please refer to the attachment) on the latest Chrome browser (not tested in other browsers). Do you know why it's happening?
I appreciate your help!
Thank you
error.JPG

0 Likes
Shopify Partner

Hi, just use the first one I posted for now. I thought my tweak to the regex was working, but I need to look at that. The first one still doesn't work for Safari 10.14.6, but does work on some other versions including iOS. Will take a look at fixing the modified version over the next week. We have until Feb 17 anyways.

1 Like
New Member

Thank you!! Saved my day, after trying to fix the issue for almost 2 days.

0 Likes
Shopify Partner

This version includes the fix for Safari v13 on OS X 10.14

 

<If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)/i">
    Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
</If>
0 Likes
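
An added example, not part of any post in this thread: a Python check that runs the exclusion pattern from the last `<If>` block against constructed User-Agent strings, so the rule's behaviour can be verified before it goes into .htaccess. Python's `re` module stands in for Apache's PCRE (an assumption that holds for the syntax this pattern uses); the function names and sample strings are made up for the example.

```python
import re

# Exclusion pattern copied from the last <If> block in the thread.
EXCLUDE = re.compile(
    r"(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS 1[0-2]"
    r"|iPod touch; CPU iPhone OS 1[0-2]"
    r"|Macintosh; Intel Mac OS X.*Version\x2F1[0-2].*Safari"
    r"|Macintosh;.*Mac OS X 10_14.* AppleWebKit.*Version\x2F1[0-3].*Safari)",
    re.IGNORECASE,
)

def gets_samesite(user_agent):
    """True when the <If> condition (UA !~ pattern) holds, so the Header edit runs."""
    return EXCLUDE.search(user_agent) is None

def edit_set_cookie(value, user_agent):
    """Mimic: Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure"""
    if not gets_samesite(user_agent):
        return value
    return re.sub(r"^(.*)$", r"\1;SameSite=None;Secure", value, count=1)

def has_duplicate_samesite(value):
    """The rule appends unconditionally; flag cookies that already carried SameSite."""
    return len(re.findall(r";\s*SameSite=", value, re.IGNORECASE)) > 1

# Constructed User-Agent strings, for illustration only.
WEBKIT = "AppleWebKit/605.1.15 (KHTML, like Gecko)"
BLINK = "AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36"
SAMPLES = {
    "chrome80_win": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) " + BLINK,
    "chrome80_mac1014": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) " + BLINK,
    "iphone_ios12": "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) "
                    + WEBKIT + " Version/12.1.2 Mobile/15E148 Safari/604.1",
    "iphone_ios13": "Mozilla/5.0 (iPhone; CPU iPhone OS 13_3 like Mac OS X) "
                    + WEBKIT + " Version/13.0.4 Mobile/15E148 Safari/604.1",
    "safari13_mac1014": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) "
                        + WEBKIT + " Version/13.0.5 Safari/605.1.15",
    "safari13_mac1015": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) "
                        + WEBKIT + " Version/13.0.5 Safari/605.1.15",
}

if __name__ == "__main__":
    for name, ua in SAMPLES.items():
        print(f"{name:18} -> {edit_set_cookie('sid=abc; Path=/; HttpOnly', ua)}")
```

The `has_duplicate_samesite` helper shows a side effect of the `^(.*)$` edit: a cookie the application already marks with `SameSite=Lax` or `Strict` ends up with two SameSite attributes.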