The MC-41359 Magento patch fixes the issue with missing SameSite cookie parameters settings. This patch is available when the Magento Quality Patch (MQP) tool 1.0.20 is installed. The patch ID is MC-41359. Please note that the issue is scheduled to be fixed in Magento 2.4.3.
Affected products and versions
The patch is created for Magento version:
Magento Commerce Cloud 2.4.2
Compatible with Magento versions:
Magento Commerce and Commerce Cloud 2.3.6-p1 - 2.4.2
Note: the patch might become applicable to other versions with new MQP tool releases. To check if the patch is compatible with your Magento version, run
Missing settings of the SameSite cookie parameter.
Steps to reproduce:
- Open Chrome and go to chrome://flags/
- Enable SameSite by default cookies and Cookies without SameSite must be secure.
- Open the Chrome inspector.
- Enable PayPal.
- Go to the store front.
- Add a product to the cart.
- Go to checkout.
If you have New Relic enabled the warning appears on any frontend page.
Warning message in the browser console "A cookie associated with a cross-site resource was set without a SameSite attribute."
"lax" should not be added to the cookie domain; the samesite attribute should be present with default value.
Apply the patch
For instructions on how to apply an MQP patch, use the following links depending on your Magento product:
- Magento Commerce: DevDocs Apply patches using Magento Quality Patches Tool.
- Magento Commerce Cloud: DevDocs Upgrades and Patches > Apply patches.
To learn more about Magento Quality Patches, refer to:
- Magento Quality Patches released: a new tool to self-serve quality patches.
- Check if patch is available for your Magento issue using Magento Quality Patches.
For info about other patches available in MQP tool, refer to the Patches available in MQP tool section.