前提
SameSite cookies explained
- Chrome80以降CookieはデフォルトでSameSite=Laxになる。
- クロスドメインでのCookie利用は"SameSite=None"を指定(+HTTPS接続のみ許可するためSecure属性)する必要がある
考察
- GoogleのDeveloper Advocate(エバンジェリスト rowan-m)によると、ユーザー個別で対応する必要はなく、そのCookieを生成するツールのベンダーが対応する問題の模様である
Setting Google Tag Manager cookies with SameSite and Secure attributes
For any of these warnings, if you are not responsible for the domain then you are not responsible for updating the cookies. The Google Tag Manager team will be responsible for updating the relevant code that sets the SameSite attributes for cookies from googletagmanager.com.
At this point, the warnings are purely informational and are not impacting functionality. Enforcing this behaviour in stable Chrome is not scheduled until M80, currently targeted for Feb 2020.
The cookies triggering the warning are coming from google.com so you will not be able to alter them. The Ads team is aware of these issues and is working to get their cookies fixed before the Feb 2020 stable date. It also means that none of the header directives you're specifying will affect the google.com cookie, it will only cover cookies set for your site.
If you have any cookie warnings that specifically list a domain you control, then you will need to add the correct attributes. -rowan-m
- 例えばリマーケティングなどの場合はサードパーティーCookie(別ドメイン)なのでそのベンダーが対処すべきと思われる
何かあればお手数ですが、本記事か以下アカウントでお知らせください!
\ Follow Me! /
Qiitaアカウント
Twitterアカウント