Chrome - Cross-Site Cookie Change & Impact to Collaborati Resource Center
This guide provides an overview of the Chrome Cross-Site Cookie Change and how it will impact the Resource Center within Collaborati
Chrome has announced a browser update, to be included in the Chrome 80 release, scheduled for February 2020*. The version will change the default cross-site behavior of cookies. It has the potential to impact federated login flows, multiple domains, or cross-site embedded content. Other areas of concern include iframes, 3rd party integration and ajax calls.
*Firefox and Internet Explorer will also release a similar fix in the near future.
The SameSite cookies change explained:
“SameSite” is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-into its protections by specifying a SameSite attribute. In other words, developers are vulnerable to CSRF attacks by default. This change would allow developers to be protected by default while allowing sites that require state in cross-site requests to opt-in to the status quo’s less-secure model. In addition, forcing sites to opt-in to SameSite=None gives the user agent the ability to provide users more transparency and control over tracking.”
Resources:
IMPACT TO COLLABORATI RESOURCE CENTER
The company that supports our resource center (Pendo), is pushing out an update to their cookies. Any impact would only affect Mitratech’s access to update the resource center and would not impact the user’s experience with the resource center in Collaborati. Essentially, there should not be any impact to Collaborati users. However, if you encounter any issues with the Collaborati Resource Center or any walkthrough guides - please reach out to isabel.keogh@mitratech.com