In the last couple of days, Chrome has started notifying of deprecation in a "unsafe" cross-origin.
I have not been able to find a solution or what should/could be done here to avoid potential future issues.
Below are a screenshot and a transcript of the error.

A cookie associated with a cross-site resource at https://stripe.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Hi @ScottAgirs, thanks for the report! We're already tracking this internally as this warning comes from Stripe.js, not from react-stripe-elements. For now this is a warning and won't affect payments, and we're working on a fix which will eliminate this message and be compatible with Chrome's upcoming cookie-handling changes.
@fred-stripe, will you notify developers when this change is ready? How? Thanks! David
I'm also having the same issue -when it would be fixed?

I'm facing the same issue when the fix will be out?
@noylev The screenshot you've included is for cookies/resources unrelated to Stripe (looks like they're Google related).
There are some cookies that Stripe sets that we are working on adding the SameSite attribute to decrease occurrences of this warning as it pertains to Stripe domains. That said, for nearly all of these cases the default behavior in Chrome 80 will be acceptable and will not break anything Stripe-related, despite being a bit noisy in the mean time.
has anyone got any updates on this issue? I am having the same problem.
@oliver-stripe did you guys have a time for how long is this fix going to take?
This warning is spreading like a wildfire

Chrome 80 is set to be released early February, which will contain the new behavior being warned of. We're working through explicitly setting SameSite on various cookies and will have that done before then, but I don't have a concrete timeline yet.
Note that the change in behavior will not be impactful for most of these cookies and will not break any Stripe functionality.
In the mean time, if the warnings are problematic during development, you can also disable them at chrome://flags/#cookie-deprecation-messages.
With the new Chrome version, it is now an error, not only a warning.
@casper5822 I couldn't reproduce on Chrome 79. It's still a warning in our tests. Do you have a screenshot? I don't believe it should have changed before Chrome 80 (https://www.chromestatus.com/feature/5088147346030592).
That said, we still intend on having the applicable cookies addressed before Chrome 80 ships (Feb).
If i use the test key it there is a cors error with Chrome 79. If i use the production key it is a warning
@casper5822 That sounds like probably a different issue. If you still have issues, please send details to our support and they can help you out! (https://support.stripe.com/)
We are less than a month away from the Chrome 80 release (in February).
Any news about the aforementioned "fix" being worked on by Stripe ?
Yes, we're in progress with updating the relevant cookies to have it done before Chrome 80 release. We've got a number of stripe.com properties to update and want to make sure we do this without accidentally breaking anything.
Note that not all cookies may get updated with a SameSite attribute, but in those cases the new default behavior in Chrome 80 will be acceptable and not introduce any breakages. We're not yet sure if those benign cases will still trigger this warning message at that time, but if they do, we'll look at addressing that separately.
Hello everyone. Wanted to provide an update. We've been rolling out the SameSite update to various stripe.com cookies. By now, we believe to have updated all the cookie that would have broken functionality with the new Chrome 80 update. We've also started to explicitly set SameSite=Lax on cookies where that new default behavior would be acceptable in order to cut down on the warning spam here.
That said, there may still be some cookies without the SameSite attribute. For the remaining cases, we believe the new default Chrome 80 behavior will be fine and do not expect any issues. They'll continue to cause warnings (which we hope to go away once 80 ships), but are harmless.
I'm going to close out this issue since it's not something directly related to the code in react-stripe-elements and we expect there to be no upcoming issues with the Chrome update with Stripe.js.
I am on Chrome 80 (beta) and this warning still happens, only the wording is slightly different.

I am experiencing this issue as well.
A cookie associated with a cross-site resource at https://m.stripe.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Hi folks, yes, it looks like Chrome 80 still prints an adjusted warning. The remaining cookie warnings are benign and will not cause any issues by not being sent in these contexts. We'll be looking at ways we can further eliminate these, but for now they can be safely ignored.
I have upgraded to latest Stripe 7.22.0, and for the remaining cookie warnings to disappear I had to do this :
The 1st condition is particularly annoying, because it means that customers who have been before on a Stripe-based payment form will still get the aforementioned cookie warnings.
I am getting the same as others.

The remaining cookie warnings are benign and will not cause any issues by not being sent in these contexts
Hi @oliver-stripe,
This is not a serious attitude towards security and software quality. Also it's wrong.
This issue is actually the root cause of an authentication problem on a large site. You're probably wondering "What does this have to do with authentication". Let me explain.
Imagine you're a developer working on the frontend of an ecommerce site for many months. You look at your console everyday and you see the same wall of yellow text

Eventually you stop actually seeing warnings. It's all just a wall of yellow text due to a 3rd party dependency that you can't control (Stripe) and you become desensitized to it. Suddenly a new warning occurs - one that is not directly related to Stripe.
Do you notice this new warning? In most cases, you will not notice it because Stripe Engineering has trained your mind to become accustomed to JS console warnings.
As a consequence, end-users begin reporting that they can no longer login. Why? Because Chrome made a change that effects websites that set cross domain cookies. Chrome has been warning you about this, but you didn't notice it because of the poor signal:noise ratio thanks to Stripe.
Please re-open this bug.
Please re-open this bug. ^
Reopen plesase...!
A cookie associated with a cross-site resource at http://stripe.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.
Still persists ...
I agree with @iMerica that "safely ignoring" the issue is not an acceptable solution. Since we're all relying on Stripe for safely accepting payments in our applications, I'd expect you to take these kinds of issues more seriously. Security should be a top priority.
I'm getting this warning in my site also and my users have been reporting it to me thinking there's something wrong.
Still seeing this issue May 2020.

@oliver-stripe Why is this ticket closed? It has not been fixed, and it's a serious security issue. In a payment processor. That processes payments, made of money. Come on. You're basically a bank, please take security seriously.
There are absolutely no security implications from these warnings. Stripe.js and Elements do not use cookies on stripe.com, and regular users that never visited the Stripe dashboard, support site or documentation do not have any cookies on stripe.com, which means no warning in the console. You can verify as much by testing in a new incognito session.
See https://support.stripe.com/questions/chrome-80-samesite-cookie-change
Hey all, thank you for your patience with this. As has been stated earlier, the existing warnings are not a security issue themselves, though we realize that the noise the warnings cause can obfuscate other unrelated issues especially in development. The SameSite attribute should now be set on all new stripe.com cookies we are aware of, which should prevent this warning from appearing when loading Stripe.js.
That said, we're not able to proactively update cookies in Chrome that have already been set, so you may still see this warning until:
Revisiting stripe.com (such as our homepage or docs) may also update the cookies to now have the appropriate SameSite attribute, but it may be tricky to determine which page impacts which cookies if you are intentionally trying to update them.
If you still believe there are offending cookies being set, it would help to know which Stripe page was visited (such as a docs URL) to cause the warning to appear. If you can reproduce it by visiting a Stripe URL in an incognito Chrome session and then visiting your site with Stripe.js loaded in that same window, please let us know the offending URL and we'll investigate.
Most helpful comment
Hi @oliver-stripe,
This is not a serious attitude towards security and software quality. Also it's wrong.
This issue is actually the root cause of an authentication problem on a large site. You're probably wondering "What does this have to do with authentication". Let me explain.
Imagine you're a developer working on the frontend of an ecommerce site for many months. You look at your console everyday and you see the same wall of yellow text
Eventually you stop actually seeing warnings. It's all just a wall of yellow text due to a 3rd party dependency that you can't control (Stripe) and you become desensitized to it. Suddenly a new warning occurs - one that is not directly related to Stripe.
Do you notice this new warning? In most cases, you will not notice it because Stripe Engineering has trained your mind to become accustomed to JS console warnings.
As a consequence, end-users begin reporting that they can no longer login. Why? Because Chrome made a change that effects websites that set cross domain cookies. Chrome has been warning you about this, but you didn't notice it because of the poor signal:noise ratio thanks to Stripe.
Please re-open this bug.