Ii89.Claim Your Free 999 Pesos Bonus Today

Oleg Meglin
(@omeglin)

5 years, 1 month ago

Hello,

first of all: Great plugin! Keep up the great work!

For some time Google Chrome issues warnings in the console:
A cookie associated with a cross-site resource at https://www.google.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

Is there a workaround to get rid of this warnings?

Many thanks for your help.

Viewing 7 replies - 1 through 7 (of 7 total)

Plugin Author Takayuki Miyoshi
(@takayukister)

5 years, 1 month ago

Where can we see the website?

Thread Starter Oleg Meglin
(@omeglin)

5 years, 1 month ago

Sure. Pretty much every WordPress with installed Contact Form 7 and activated Google reCAPTCHA. I’ve just created a fresh installation for better understanding:
https://demo.megl.in

The above page is a complete fresh installation without any other plugins installed.

Additionally, I tested it in other browsers. With the following result:

Firefox (v69.0.2)
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “‘unsafe-inline'” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “https:” innerhalb script-src: ‘strict-dynamic’ angegeben
Content Security Policy: Ignorieren von “http:” innerhalb script-src: ‘strict-dynamic’ angegeben

Safari (v12.1.2)
[Error] The source list for Content Security Policy directive ‘script-src’ contains an invalid source: ”strict-dynamic”. It will be ignored.
[Error] The source list for Content Security Policy directive ‘script-src’ contains an invalid source: ”strict-dynamic”. It will be ignored. (x2)

Obviously, the problem should be the Google ReCAPTCHA script. Any suggestions for a workaround?

diamondrcreative
(@diamondrcreative)

5 years, 1 month ago

Having same issue. https://diamondrcreative.com/

joelramirezleal
(@joelramirezleal)

5 years ago

Me sucede lo mismo

adavenue2015
(@adavenue2015)

5 years ago

I have the same issue, it been over a month; any update?

gadeas
(@gadeas)

4 years, 7 months ago

Hello,

Any news on this? Chrome v80 is already out and there’s no fix for this yet?
https://www.chromium.org/updates/same-site
Thread Starter Oleg Meglin
(@omeglin)

4 years, 5 months ago
Hi guys,

I don’t have a solution, but I have a workaround to reduce the warning only to the pages with a contact form:
```
/**
 * Removes the CF7 scripts if the shortcode is not on the page
 */
function mm_deregister_cf7_scripts() {
    if (class_exists('WPCF7')) {
        global $wp_query;
        $content = '';

        if ($wp_query->post) :
            $content = $wp_query->post->post_content;
        endif;

        if (!has_shortcode($content, 'contact-form-7')) {
            wp_deregister_script('google-recaptcha');
            wp_deregister_script('contact-form-7');
        }
    }
}

add_action('wp_enqueue_scripts', 'mm_deregister_cf7_scripts'); 
```
This workaround also has the additional advantage that the CF7 JavaScript is not loaded unnecessarily.
- This reply was modified 4 years, 5 months ago by Oleg Meglin.

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Warning: A cookie associated with a cross-site resource…’ is closed to new replies.