New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
There is no way to enable 'secure' for the 3rd party cookie #15672
Comments
Moreover there'is a problem with Iframe using samesite=lax. |
Indeed. It seems The tagmanager |
created matomo-org/tag-manager#229 for tag manager |
How does it work with Iframe service ? here
or we may need an third part cookie ? |
You mean for the tag manager preview cookie? Could do. Although it might not be needed as the preview cookie only works on the same domain as the Matomo anyway and when maybe all is on the same domain it might not be an issue? Can do though, the only problem though is that it makes it more difficult for some users when they have http and https and the preview mode would then only work on https issue. This is why I went for |
Thomas, I've got a site with a partner call mybrand.partnerbrand.com I've setted a first part cookies in tag manager on the configuration matomo variable on this site with domain name cookie mybrand.partnerbrand.com But when you call the url mybrand.partnerbrand.com through an iframe in the site mybrand.com the cookie on mybrand.partnerbrand.com is not setted. To do this if I understand as well as I could the mechanism of cookie since Chrome 80 you need to set a 3rd party cookie with domain partners.mybrand.com with samesite=none and secure attribue. To achieve the goal through an iframe we need to decide in variable configuration Matomo in Tag manager if the cookie will be 1rst o 3rd party (with none and secure attribute). |
@ggr-mtm I think what you are after is actually matomo-org/tag-manager#217 . We don't support setting the cookie on a different domain yet in tag manager. I'm getting bit confused though why you are referring to Matomo Variable Configuration. Maybe have a look here re third party cookies. I suggest you create a new issue with what exactly you're after in the Tag Manager repository so we can discuss there as it may not be directly related. Tag Manager basically only sets a preview cookie, no other cookies. |
@MichaelHeerklotz PR was merged, we're hoping this works for you. |
A colleague just informed me that it is currently impossible to enable the "secure" flag for the 3rd party cookie.
This triggers a warning in browsers, because it is set to SameSite=None but not secure.
The text was updated successfully, but these errors were encountered: