Deprecation warning in DevTools - Cross-Site error #15643
Comments
|
Hi! Thanks for being part of the Font Awesome Community and thanks for the report. I can see this one in a normal window: I can see fo Anyway, in an incognito window I can't see this cookie @robmadole any chance to check this? |
|
also receiving the warning in Chrome and was just wondering if there was a workaround |
|
I'm getting the same warning in chrome with development work using fontawesome, bootstrap, and cloudflare CDN's. |
|
Ditto for embedded Twitter, Facebook, YouTube and Analytics. |
|
This might be useful https://www.chromium.org/updates/same-site |
|
I'm having the same issue with the fontawesome kit (Pro).
Also note that the error mentions |
|
I have the same problem :-( Maybe this (https://stackoverflow.com/questions/58270663/samesite-warning-chrome-77) can help to fix. |
|
Reporting same problem here. |
|
Yep. Lots of this going around. #Me2 |
|
We have added this SameSite attribute for fontawesome.com. Since you already have cookies you will have to log out and then back in to get a new cookie with the new attribute. Also note that we use a few third party services that haven’t updated their cookie settings. So the warning may still show up but there isn’t anything we can do about this until those other places make the same updates we did. |
|
@robmadole. What exactly is the setting that you put in the cookie out of curiosity. The documentation is spotty at best |
|
Couple of things. We set |
|
Where would I add SameSite=Lax ? |
|
I think the problem has more to do with cookies set on the Font Awesome website than by a Font Awesome service. After visiting fontawesome.com, a number of cookies are set for analytics, optimisation, etc. When my site connects to kit.fontawesome.com or kit-pro.fontawesome.com then those same cookies are sent with the requests.
|
|
@LeaTark yep, these are integrations that we are using that haven't updated their cookie setting to include the new attribute. We can't do anything to these until those services decide to update their code. @mau211 are you asking about where you would do this for your own site? There are quite a few tutorials online and lots of information. Just do some googlin' |
Might it be an idea to serve kits from a different domain so the cookies relating to third party integrations on your website aren't included in the request? |
|
Hi All, |
|
This is becoming a real issue. Webstation GBS provides sites that are both error free and score an average of 99+% in Google Lighthouse. If this cannot be fixed by Fontawesome, we will have to resort to using our own SVG graphics.
|
|
We are still experiencing the warnings from both Fontawesone and almost ALL third parties related to the libs. Please fix. If we can be of help, don't hesitate to ask. Our devs will gladly fix this if allowed. |
|
@webstationhq since Font Awesome CDN is not setting cookies, those cookies come from the Font Awesome website and are restricted to Font Awesome visitors, could you please check if you have the same issue on your website in an incognito window? |
|
For me, I suppose the main concern is that Font Awesome's widespread use is facilitating third-party tracking on so many other sites. If my visitors opt out of tracking then they expect not to be tracked. It’s not reasonable for tracking to be enabled on one site (mine) after visiting a different one (yours). A cookie-free domain for hosting kits seems to be the way to go. |
Personally speaking, I would go for this approach |
Thank you. I did (attached) as you said and no sites seem to have the issue. How long are you cookies set for by default?
|
|
You're welcome
You can check in the browser development console (in chrome: inspect => Application => Cookies => Expires column). Many of them will stay there for a long while |
|
I manually removed all of the FontAwesome cookies as @tagliala suggested, and now it appears the warning is gone. |
|
😞 Bad news... The warning returned:
My site simply includes the FontAwesome JS in (Obviously, not my magic id.) Aside from hosting the |
This has been probably caused by a visit to the aforementioned website, which is an old service and it is not used neither by the actual font awesome CDN (use.fontawesome.com or pro.fontawesome.com) nor by the kits (kit.fontawesome.com) Again, this is something that would not affect your website's users, please try in an incognito window |
|
Not sure if this is helpful, i really only skimmed this thread but i added the SameSite= "none Secure" attr to the head element pulling the assets. The chrome warning is gone, not sure how permanent this is but its gone for now.
|
|
I can get it to work for my site. It actually seems to have something to do with going to the actual font awesome site. I can remove all cookies and refresh my own site without any issue (with the samesite="none" attribute), but if I go to fontawesome.com and then refresh my site then the warning comes back. |
Hi, this has all to do with fontawesome.com website. If your website user didn't visit Font Awesome, they will be fine
this is not needed Try this page using a kit in a new incognito window: https://tagliala.github.io/fa15167-kit, you should not see any warning |
|
Again this issue is because of the mixpanel cookie set on the fontawesome.com website. The cookie does not specify |
If I add crossorigin="anonymous" then i get the following warning and not able to use icons anymore |
|
Setting SameSite is not a valid attribute: https://developer.mozilla.org/en-US/docs/Web/API/HTMLScriptElement What's really clearing the warning is removing your cookies. The warning will remain gone until you venture back to fontawesome.com in a browser window, then they will appear again. This will persist unless fontawesome uses a different domain to host their CDN.
|
|
Reporting this here same issue:
|
|
Hi again, please do not add I've asked Rob if we can do something about the other cookies that do not set SameSite attribute |
Hi Geremia. I read only now your last comment. Ok, it is not suitable to use 'SameSite' in the call to kit.awesome.com... |
Thanks for the patience, @robmadole has this in the to-do list Please notice that this does not affect the visitors of your website, unless they have visited fontawesome.com before. To check, you can:
|
|
And what if our customers do go the the fabulous Font Awesome site because, you know, they are developers too. Do I just tell our customers who happen to be in the software development business that they can be our customer any more? Your response is not acceptable. We have paid an annual subscription and expect that this gets resolved. VR Architect |
|
@VR-Architect I would think you can explain to your customers that Chrome has implemented a security feature and that many sites around the Interwebs are trying to update to accommodate. Look folks, I understand that this is irritating but have a little patience. Even Google has made some allowances for the current situation. Let me give you an update on where we are at with this: Cookies from fontawesome.comWe've already changed the setting and added the The Mix Panel cookieWe've removed mix panel integration altogether in an attempt to fix this. This hasn't been deployed yet but it will be soon. Google Analytics integrationFrom what we are reading this is the difficult one. Apparently you need to update to the newer gtag.js library. It's the last one on our list to get updated. We'll get this fixed but please remember that we are not causing this. Give @tagliala a break as he's got less control over this than the development team at Font Awesome. |
|
Just wanted to add that I am a user of fortawesome with the custom icon packs, and seeing the same error on my site from that resource. |
|
I have the same issue and still couldnt fix this. |
|
Thank you for your hard work on this. It seems to be 4 months after the last update. Any further updates for us? Again, thank you for your efforts. |
|
Same issue, any updates? |
|
I am also having the same issue. Waiting for an updated response. |
|
I had fixed by download and embed external file |
|
We've made some changes to out Google settings which should set the Can I get everyone who is willing to re-test this? Please make sure you start with a fresh browser session. (Or use incognito) |
|
@robmadole fixed for me This is the only warning I can see in the console: |
|
|
I cannot replicate. I can see @LeaTark any chance to provide a link to your website? Version of Chrome / OS? @robmadole is there any chance to plan a switch to a cookie-free domain for CDN assets? Even when this problem will be solved, there are cookies set by fontawesome.com that will be forwarded to |
|
www.npt.gov.uk
Chrome 80 / Win 10
|
|
@LeaTark thanks Can't test with Chrome 80 at the moment. I cannot replicate on Chrome 85 / Win 10 I've tried the following:
Request to
No messages in the console, except for |
|
One of those is not filtered out for me
|
|
Any chance to test with an up to date version of Chrome? |
|
I can confirm that the warning does indeed disappear when updating to Chrome 85 |
|
I have not been able to remove the warnings. I am using Win 10/Chrome 85. I tried the following steps:
Did anyone else do something different, but the warnings were removed? |
@tagliala we're still looking into this. |
and others
Chrome DevTools reports the following warning:
A cookie associated with a cross-site resource at http://fontawesome.com/ was set without the
SameSiteattribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set withSameSite=NoneandSecure.Using Fontawesome Kit as per instructions on website, with crossorigin="anonymous" attribute.
The text was updated successfully, but these errors were encountered: