Setting SameSite attribute for cookies from different render domains

dublek · November 11, 2023, 10:15pm

Seeing as google is going to be deprecating third party cookies in 2024, I want to ensure my site is using SameSite: strict. Right now, I have it set to SameSite: None (third party cookie). I have a static React Site front end hosted on: https://vikan-demo.onrender.com and a NodeJS backend hosted on https://vikan-server.onrender.com. My question is what is the best approach from going from a policy like this in my backend:

 res.cookie("userToken", token, {
  maxAge: 3600000,
  httpOnly: true,
  secure: true,
  sameSite: "None",
});

to something where the sameSite attribute can be strict but also work given that they’re hosted on different domains…

Keith · November 13, 2023, 8:46pm

Hi there,

You can’t use onrender.com when setting SameSite to strict (even lax??) because it is on the public suffix list, so subdomains of onrender.com are not considered the same site.

To achieve what you want to do, you will need to purchase your own domain and use it with your front and backend services as a custom domain.

Regards,

Keith
Render Support, UTC+10

dublek · November 13, 2023, 11:17pm

Hi Keith,

Thank you for your timely response. After searching around I came to the same exact solution. I already implemented it and it works. Consider this thread closed!

P.S Render is a phenomenal hosting platform.

system · December 13, 2023, 11:18pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cross-Site Tracking	2	262	August 16, 2023
Third party cookies must be enabled to set cookie on the browser	5	3617	June 13, 2023
How to send refresh token to stactic web app frontend	8	317	December 4, 2023
Host the backend on the subdomain	2	1102	June 11, 2023
Trouble understanding Express-session with Render	4	1077	November 13, 2022

Setting SameSite attribute for cookies from different render domains

Related Topics