Reputation: 21
I am using CefSharp version 86.0.24, which uses Chromium version 86 internally.
Starting with V80, Chromium has implemented the SameSite cookie policy, due to which third-party cookies that have no SameSite and Secure attributes are getting blocked in V80 and above.
In the standalone Chrome browser, which is using Chromium V88, this is still not enforced due to the flag LegacySameSiteCookieBehaviorEnabled, which is set at the enterprise level.
Are there some flags or a way to suppress this setting in CefSharp, as it has broken a lot of our application?
Any help or lead will be appreciated.
Upvotes: 1
Views: 1669
Reputation: 21
One update: although we are able to suppress the new same-site cookie policy, this setting will be removed starting with Chromium V93.
See the notes below, available in the Chromium release notes: https://support.google.com/chrome/a/answer/7679408#88&zippy=%2Cchrome
==========================================================================
Chrome 93 will remove LegacySameSiteCookieBehaviorEnabled
When same-site cookie behavior was introduced, Chrome included policies to give admins extra time to adjust the implementation of any enterprise apps that relied on the legacy cookie behavior. The first phase of the transition plan will end in Chrome 93, and LegacySameSiteCookieBehaviorEnabled will no longer take effect. You will still be able to opt specific sites into the legacy cookie behavior using LegacySameSiteCookieBehaviorEnabledForDomainList until December 31st, 2022.
===========================================================================
It is better to fix this rather than adding this flag, which will be removed in the future.
Upvotes: 1
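An added example, not part of the original posts: fixing this on the server side means marking every cookie that must travel in a third-party context as SameSite=None; Secure. The C# helper below classifies Set-Cookie header values the way the Chromium 80+ defaults described in the question treat them; the type and method names and the sample headers are constructed for illustration and are not CefSharp APIs.

```csharp
using System;
using System.Linq;
// Added example: hypothetical helper, not part of CefSharp or the original posts.
public enum ThirdPartyVerdict
{
    Sent,               // SameSite=None together with Secure
    RejectedNotSecure,  // SameSite=None without Secure: the cookie is rejected
    BlockedLaxDefault,  // no (or unrecognised) SameSite: treated as Lax
    BlockedExplicit     // the server itself asked for Lax or Strict
}

public static class SameSiteAudit
{
    // Classify one Set-Cookie header value for a cross-site (third-party)
    // subrequest under the Chromium 80+ defaults.
    public static ThirdPartyVerdict Classify(string setCookie)
    {
        // Attributes follow the first ';'. Attribute names are case-insensitive.
        var attrs = setCookie.Split(';').Skip(1)
            .Select(a => a.Trim().Split(new[] { '=' }, 2))
            .ToList();
        bool secure = attrs.Any(a => a[0].Trim().Equals("Secure", StringComparison.OrdinalIgnoreCase));
        string sameSite = attrs   // if SameSite is repeated, the last value is used
            .Where(a => a.Length == 2 && a[0].Trim().Equals("SameSite", StringComparison.OrdinalIgnoreCase))
            .Select(a => a[1].Trim().ToLowerInvariant())
            .LastOrDefault();
        switch (sameSite)
        {
            case "none": return secure ? ThirdPartyVerdict.Sent : ThirdPartyVerdict.RejectedNotSecure;
            case "lax":
            case "strict": return ThirdPartyVerdict.BlockedExplicit;
            default: return ThirdPartyVerdict.BlockedLaxDefault; // also reached when sameSite is null
        }
    }

    public static void Main()
    {
        // Constructed sample headers, one per verdict.
        string[] samples =
        {
            "session=abc123; Path=/; HttpOnly",
            "session=abc123; Path=/; SameSite=None",
            "session=abc123; Path=/; Secure; HttpOnly; SameSite=None",
            "prefs=dark; SameSite=Strict"
        };
        foreach (var h in samples)
            Console.WriteLine($"{Classify(h),-18} {h}");
    }
}
```

Running it over the Set-Cookie headers captured from the affected application shows which cookies need the SameSite=None; Secure pair, and that pair only works when the cookie is served over HTTPS.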
Reputation: 3065
According to the tests made on this website (https://samesite-sandbox.glitch.me/), by default when running the latest version of CefSharp, the results are:
In theory that's the safest thing to do. However, if it's about the status of your application and it needs the oldest way of handling the cookies, in your question made on the CefSharp Forum they suggested to disable the SameSiteByDefaultCookies feature. This can be easily done through the CefSettings object in the initialization of the browser:
CefSettings settings = new CefSettings();
// Append the name of the feature that we want to disable
// This should help with the problem that you have
settings.CefCommandLineArgs["disable-features"] += ",SameSiteByDefaultCookies";
// Rest of your code ....
Cef.Initialize(settings);
// Create a browser component
ChromiumWebBrowser chromeBrowser = new ChromiumWebBrowser("https://samesite-sandbox.glitch.me/");
After the initialization, if you use the mentioned tool the result will be different as the Cross-site cookies are now set:
Upvotes: 2