AB Tasty - EN release notes

Google Chrome 80 update





We have an update for you regarding Google Chrome 80 Release and Cross-Domain Tracking.

What happened?

Google’s Chrome release, scheduled for February 2020, will change the default cross-domain (SameSite) behaviour of cookies. The change will enhance security and privacy, but will require websites to explicitly label the third-party cookies that can be used on other sites.

The “SameSite” attribute on a cookie controls its cross-domain behaviour. According to the Chrome Platform Status, “‘SameSite’ is a reasonably robust defense against some classes of cross-site request forgery (CSRF) attacks, but developers currently need to opt-into its protections by specifying a SameSite attribute.”

The Chrome 80 release sets cookies as “SameSite=Lax” by default if no “SameSite” attribute is specified. Up until the Chrome 80 release, the default is “SameSite=None”. After the release, developers can choose to opt in to the status quo of unrestricted use by explicitly setting “SameSite=None; Secure”.
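
The two rules described above can be checked against your own Set-Cookie headers. The following is an added example, not code from AB Tasty or Chrome; the function names and the sample headers are constructed for illustration, and it models only the default-to-Lax and None-requires-Secure rules.

```javascript
// Added example: audit Set-Cookie headers against the Chrome 80 SameSite rules.
// parseSetCookie and chrome80Treatment are hypothetical helper names.

// Parse one Set-Cookie header value into its name plus the attributes that matter here.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() === "secure") cookie.secure = true;
    if (key.toLowerCase() === "samesite") cookie.sameSite = value.toLowerCase();
  }
  return cookie;
}

// Apply the two changes: a missing (or unrecognised) SameSite value is treated
// as Lax, and SameSite=None without Secure is rejected outright.
function chrome80Treatment(header) {
  const c = parseSetCookie(header);
  const known = ["strict", "lax", "none"];
  const effective = known.includes(c.sameSite) ? c.sameSite : "lax";
  const rejected = effective === "none" && !c.secure;
  return {
    name: c.name,
    effective,
    rejected,
    // Attached to cross-site subrequests (iframes, XHR, images)?
    sentInThirdPartyContext: !rejected && effective === "none",
    // Attached when the user follows a link to the site (top-level GET)?
    sentOnTopLevelNavigation: !rejected && effective !== "strict",
  };
}

// Constructed sample headers, one per case.
const sampleHeaders = [
  "visitor=abc123; Path=/",
  "xdomain=abc123; Path=/; SameSite=None",
  "xdomain=abc123; Path=/; SameSite=None; Secure",
  "session=abc123; Path=/; SameSite=Strict; Secure",
];
for (const h of sampleHeaders) console.log(h, "->", chrome80Treatment(h));
```

Any header reported with `rejected: true` or with `sentInThirdPartyContext: false` will not be available to an iframe or cross-domain integration in Chrome 80.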

What does this mean?

Cookies will no longer work for non-secure (HTTP) browser access, including any community, portal or site in your organization. Use HTTPS instead.

In addition, custom integrations that rely on cookies may no longer work within Google Chrome. This change affects, but is not limited to, integrations using iframes and cross-domain communication.

What do I need to do?

Nothing! AB Tasty only uses First-Party cookies. Therefore, the Chrome 80 release won’t have any impact, unless you have enabled the Cross-Domain Tracking in your account. The current Cross-Domain Tracking relies on Third-Party cookies.

We’ve created a fix that has been integrated into the latest version of AB Tasty generic script (Tag V3). If not already done, your account will be switched to that latest version in the coming days/weeks. Once the Tag V3 has been enabled on your account, the Cross-Domain Tracking will work the same, but only within one session. Once the session ends, we cannot guarantee that the visitors will be recognized beyond the initial domain.

External Resources

Chrome Platform Status: Cookies default to SameSite=Lax

Chrome Platform Status: Reject insecure SameSite=None cookies