SameSite Not Being Set On "visitroute" and "EETrViID" cookies
(Doc ID 2971099.1)
Last updated on SEPTEMBER 12, 2023
Applies to:
Oracle Commerce Cloud Service - Version 23.05 and laterInformation in this document applies to any platform.
Symptoms
Using Lighthouse to generate reports site metrics like performance, SEO and others. The goal is to have at least 90 points out of 100 for all categories. Currently the "Best Practices" category is at 75 points out of 100.
According to Lighthouse, a cookie can be sent (or not) in a CORS request based on its "SameSite" attribute. For a cookie to being sent on a CORS request, its "SameSite" prop should be defined as "None", and also have the "Secure" attribute set. If the cookie is not supposed to be sent in CORS requests, its "SameSite" prop should be defined as "Strict" or "Lax". The problem is that neither the"visitroute" nor "EETrViID" cookies have their SameSite set to a value. Instead SameSite is set to a blank value for both the visitroute -AND- EETrViID cookies.
Changes
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
Symptoms |
Changes |
Cause |
Solution |