We are trying to set samesite=none;secure in a Shopify app which opens in an iframe, but we realised that it is being blocked by Google Chrome.
We are testing Chrome 80 beta.
We tried JavaScript and PHP but nothing is working.
The app is an embedded app and loads in an iframe.
Here is the PHP code:
header('Set-Cookie: nameee=value; Max-Age=100; Domain=xyyyyy.com; Path=/; SameSite=None; secure;');
We tried JavaScript also:
document.cookie = "nameee=value;SameSite=none;secure;Domain=xxxx.com;Max-Age=100;path=/;";
Our cookies are listed in the blocked category here.
Any help will be great. We followed all the online articles but we can see our cookies are in the blocked category for Chrome.
3 Answers
Two things I would look into: is the environment protocol HTTPS? It needs to be for the ‘Secure’ cookie attribute to work, and then SameSite. Also the ‘Secure’ attribute needs to be uppercase S…
Secure
Lowercase/uppercase does not matter.
The most likely cause is that third party cookies (including your cookies, as they are for a cross-site iframe) are being blocked entirely. In your screenshot it says “third-party cookies are being blocked without exception”.
Try going to chrome://settings/content/cookies and turning off third-party cookie blocking (or add an “Allow” entry for your site).
(This page has some information on testing and debugging SameSite cookies: https://www.chromium.org/updates/same-site/test-debug)
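The checks discussed in the answer above, written out as an added example (not part of the original question or answers): a simplified model of how a cookie meant for a cross-site iframe is judged under the SameSite rules Chrome 80 introduces. The function names, the `ctx` options and the verdict strings are hypothetical; the two sample cookie strings are constructed from the ones in the question.

```javascript
// Parse a Set-Cookie value into { name, value, attrs }. Attribute names are
// lower-cased because cookie attributes are case-insensitive.
function parseSetCookie(header) {
  const parts = header.split(';').map(p => p.trim()).filter(p => p.length > 0);
  const [pair, ...rest] = parts;
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? '' : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs: {},
  };
  for (const part of rest) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    cookie.attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return cookie;
}

// Decide whether the cookie is usable inside a cross-site iframe.
// ctx.https: the page or response setting the cookie was served over HTTPS.
// ctx.thirdPartyBlocked: "block third-party cookies" is on in the browser.
function crossSiteVerdict(header, ctx) {
  const { attrs } = parseSetCookie(header);
  let sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : 'lax';
  if (!['none', 'lax', 'strict'].includes(sameSite)) sameSite = 'lax'; // unknown value => default
  // The browser setting wins over any attribute the site sends.
  if (ctx.thirdPartyBlocked) return 'blocked: third-party cookies disabled in browser settings';
  if (sameSite !== 'none') return 'blocked: SameSite=' + sameSite + ' is not sent cross-site';
  if (!attrs.secure) return 'rejected: SameSite=None requires Secure';
  if (!ctx.https) return 'rejected: Secure cookie set from a non-HTTPS page';
  return 'allowed';
}

// Constructed sample inputs based on the two cookies in the question.
const phpHeader = 'nameee=value; Max-Age=100; Domain=xyyyyy.com; Path=/; SameSite=None; secure;';
const jsCookie = 'nameee=value;SameSite=none;secure;Domain=xxxx.com;Max-Age=100;path=/;';

console.log(crossSiteVerdict(phpHeader, { https: true, thirdPartyBlocked: false }));
console.log(crossSiteVerdict(jsCookie, { https: true, thirdPartyBlocked: true }));
```

Both cookies from the question pass the attribute checks with lowercase `secure`; only the third-party blocking setting changes the outcome.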
If you are using the Shopify app gem and don't want to upgrade your shopify_app or Shopify API lib, you can install this rails_same_site_cookie gem:
https://github.com/pschinis/rails_same_site_cookie