How to fix "This Set-Cookie was blocked due to user preferences" in Chrome? (Stackoverflow SSO Login / Ajax CORS request)
If you can only replicate this in Incognito and Pierre Pretorius's answer didn't help, you are probably being hit by a change in Chrome 83 where third party cookies are blocked by default in Incognito mode. See https://angel.co/today/stories/chrome-83-arrives-with-redesigned-security-settings-third-party-cookies-blocked-in-incognito-21796
I don't think you can do much to change this, and Google intends to make this the default behaviour in the future: https://www.theverge.com/2020/1/14/21064698/google-third-party-cookies-chrome-two-years-privacy-safari-firefox
The site that is passing the set-cookie HTTP header also needs to pass the SameSite as None and also Secure, else the cookie is not saved and is ignored.
Set-Cookie: qa_session=...; SameSite=None; Secure
Before you do, please read the security implications: https://blog.heroku.com/chrome-changes-samesite-cookie
PHP code example (source):
    function setcookieSameSite($name, $value, $expire, $path, $domain, $secure, $httponly, $samesite = "None")
    {
        if (PHP_VERSION_ID < 70300) {
            // PHP < 7.3 has no samesite option, so the attribute is appended to the path.
            setcookie($name, $value, $expire, "$path; samesite=$samesite", $domain, $secure, $httponly);
        } else {
            // PHP >= 7.3 accepts an options array that includes 'samesite'.
            setcookie($name, $value, [
                'expires' => $expire,
                'path' => $path,
                'domain' => $domain,
                'samesite' => $samesite,
                'secure' => $secure,
                'httponly' => $httponly,
            ]);
        }
    }
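An added example (not part of any answer here, and not code from the linked sources): a small Node.js check that classifies a Set-Cookie header by the rules the answers above describe, including the case where the attributes are correct but third-party cookies are blocked in the browser settings. The function names and verdict strings are hypothetical, and the sample headers are constructed.

```javascript
// Added example: classify a Set-Cookie header for cross-site (third-party) use.
// Function names and verdict strings are hypothetical; headers are constructed.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attributes = Object.create(null);
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    // Attribute names are case-insensitive; flags such as Secure carry no value.
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attributes[key] = i === -1 ? "" : attr.slice(i + 1).trim();
  }
  return { name: eq === -1 ? "" : pair.slice(0, eq), attributes };
}

function crossSiteVerdict(header, { thirdPartyBlocked = false } = {}) {
  const { attributes } = parseSetCookie(header);
  const sameSite = (attributes.samesite || "").toLowerCase();
  const secure = "secure" in attributes;

  // SameSite=None without Secure: the cookie is not saved and is ignored.
  if (sameSite === "none" && !secure) return "rejected-none-without-secure";
  // Strict, Lax, or a missing/unknown SameSite (current Chrome treats it as Lax):
  // the cookie is not available to cross-site Ajax requests.
  if (sameSite !== "none") return "first-party-only";
  // Attributes are correct, but the browser setting blocks third-party cookies
  // (the Chrome 83 Incognito default described in the first answer).
  if (thirdPartyBlocked) return "blocked-by-user-preferences";
  return "cross-site-ok";
}

// Constructed sample headers.
const samples = [
  "qa_session=abc123; SameSite=None; Secure",
  "qa_session=abc123; SameSite=None",
  "qa_session=abc123; Path=/; HttpOnly",
];
for (const h of samples) console.log(crossSiteVerdict(h).padEnd(30), h);
```

Passing `{ thirdPartyBlocked: true }` models the Incognito case, where no server-side attribute change makes the cookie usable.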
Select the first option in "Cookies and other site data" in Chrome settings, which is "Allow all Cookies". It worked for me.