Mapbox-gl-js: A cookie associated with a cross-site resource at http://mapbox.com/ was set without the `SameSite` attribute.
mapbox-gl-js version: 1.8.1
browser: Version 80.0.3987.132 (Official Build) (64-bit) macOS Catalina 10.15.3 (19D76)
Steps to Trigger Behavior
- Use Vue with https://soal.github.io/vue-mapbox/guide/ - but I think it's optional since it's using mapbox-gl underneath.
- Run it on production website with real domain.
- Console should give warning which blocks display of map (see below)
A cookie associated with a cross-site resource at http://mapbox.com/ was set without the
SameSiteattribute. It has been blocked, as Chrome now only delivers cookies with cross-site requests if they are set withSameSite=NoneandSecure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Link to Demonstration
-
Expected Behavior
Display a map in production
Actual Behavior
Throws warning in console about SameSite attribute cookie and prevents from displaying map.
rafalolszewski94
All 7 comments
Thanks for opening this issue, @rafalolszewski94. Would you please provide an example that triggers this console message or point me to a page that you have observed this error? We recommend using https://jsbin.com.
To my knowledge, none of the requests made from GL-JS to mapbox should attempt to set a cookie and should not break as a result of chrome's enforcement of the sameSite guidelines.
But we can certainly double check that assumption.
sgolbabaei
on 11 Mar 2020
You can see it here https://dominikkolasa.pl/
rafalolszewski94
on 11 Mar 2020
I just noticed the same warning today on my Reactjs webapp, appearing on every page on refresh so I guess it comes from one of those two css files:
<link
href="https://api.tiles.mapbox.com/mapbox-gl-js/v1.4.1/mapbox-gl.css"
rel="stylesheet"
type="text/css"
/>
<link
rel="stylesheet"
href="https://api.mapbox.com/mapbox-gl-js/plugins/mapbox-gl-geocoder/v4.5.0/mapbox-gl-geocoder.css"
type="text/css"
/>
VictorBaudot
on 12 Mar 2020
Is there any investigation going on this case or is it forgotten ?
rafalolszewski94
on 14 Mar 2020
This is a warning that only occurs for on browsers where someone has visited and/or signed into https://www.mapbox.com, and not for other users. This can be confirmed by visiting the link in https://github.com/mapbox/mapbox-gl-js/issues/9404#issuecomment-597810206 with an incognito browser or from a Chrome browser that has not visited or logged into https://www.mapbox.com.
Closing here as there is no impact to end users viewing a gl-js map, and there is nothing actionable for this library.
asheemmamoowala
on 16 Mar 2020
We've changed map to Google embed, that's why it's working now.
Not visiting mapbox.com is not a solution for end users IMHO. Most of them
probably won't visit it, but what if some did?
On Mon, Mar 16, 2020, 08:00 Asheem Mamoowala notifications@github.com
wrote:
This is a warning that only occurs for on browsers where someone has
visited and/or signed into https://www.mapbox.com, and not for other
users. This can be confirmed by visiting the link in #9404 (comment)
https://github.com/mapbox/mapbox-gl-js/issues/9404#issuecomment-597810206
with an incognito browser or from a Chrome browser that has not visited or
logged into https://www.mapbox.com.Closing here as there is no impact to end users viewing a gl-js map, and
there is nothing actionable for this library.—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
https://github.com/mapbox/mapbox-gl-js/issues/9404#issuecomment-599374704,
or unsubscribe
https://github.com/notifications/unsubscribe-auth/AJBLIBHY2XLQ4GTJ6337EQDRHXE7PANCNFSM4LFTGKZQ
.
rafalolszewski94
on 16 Mar 2020
Agreed - relying on users not visiting mapbox.com and saying if they do there's nothing to be done is not really a solution. Cookies on mapbox.com should be structured so that no such problems occur.
teropa
on 7 Aug 2020
Related issues
foundryspatial-duncan
·
3Comments
aendrew
·
3Comments
yoursweater
·
3Comments
mollymerp
·
3Comments
PBrockmann
·
3Comments
Most helpful comment
Agreed - relying on users not visiting mapbox.com and saying if they do there's nothing to be done is not really a solution. Cookies on mapbox.com should be structured so that no such problems occur.