In che modo la politica sui cookie SameSite di Chrome influisce sulla mia integrazione Adobe Commerce? (Magento)

About Chrome's SameSite Cookie Policy

To resolve the SameSite Cookie issue, we highly recommend to upgrade your Adobe Commerce to the latest release.

The new Chrome SameSite Cookie policy enforced by Google (August 11, 2020) can possibly cause an increase in the number of 3DS drop-offs.

For users running Chrome 80 and higher, Chrome is enforcing a secure-by-default cookie classification system, treating cookies that have no declared SameSite value as SameSite=Lax cookies. Only cookies set as SameSite=None; Secure will be available in third-party contexts, provided they’re being accessed from secure connections.

Note: SameSite field isn’t yet widely supported in older browsers, as well as Safari and Firefox.

The fix

After noticing our merchants were experiencing issues, we immediately flagged it with Adobe Commerce in their GitHub issue. Adobe Commerce let us know they expect some changes from Adyen’s side, which our developers have released. Adobe Commerce will also provide the possibility for developers to configure the SameSite Cookie type for each cookie variable (to be added in a future Adobe Commerce release).

In our new release (6.6.5.), we resolved the Chrome Cookie Policy, so that no changes are needed from you. We introduced a new controller which receives the POST request from the Issuer page after the 3DS1 authentication. Since the session cookie isn’t available here (as the POST request was coming from an external URL) instead of processing the data, we POST it towards the original Process/redirect controller. This controller can now reach the cookie because the request is coming from the same url.

If you want to test your solution but you can't see the warnings, enable the experimental flags (chrome://flags), and set all the SameSite functions to Enabled.