The MC-41359 commerce patch fixes the issue with missing SameSite cookie parameters settings. This patch is available when the Quality Patches Tool (QPT) 1.0.20 is installed. The patch ID is MC-41359. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.3.
Affected products and versions
The patch is created for Adobe Commerce version: Adobe Commerce on our cloud infrastructure 2.4.2
Compatible with Adobe Commerce versions: Adobe Commerce and Adobe Commerce on our cloud Infrastructure 2.3.6-p1, 2.4.2, 2.4.2-p1
Note: the patch might become applicable to other versions with new QPT tool releases. To check if the patch is compatible with your Magento version, run
Missing settings of the SameSite cookie parameter.
- Open Chrome and go to chrome://flags/
- Enable SameSite by default cookies and Cookies without SameSite must be secure.
- Open the Chrome inspector.
- Enable PayPal.
- Go to the store front.
- Add a product to the cart.
- Go to checkout.
If you have New Relic enabled the warning appears on any frontend page.
Warning message in the browser console: A cookie associated with a cross-site resource was set without a SameSite attribute.
"lax" should not be added to the cookie domain; the samesite attribute should be present with default value.
Apply the patch
For instructions on how to apply an QPT patch, use the following links depending on your Magento product:
- Adobe Commerce: Apply patches using Quality Patches Tool in our developer documentation.
- Adobe Commerce on our cloud infrastructure: Upgrades and Patches > Apply patches in our developer documentation.
To learn more about Quality Patches Tool, refer to:
- Quality Patches Tool released: a new tool to self-serve quality patches.
- Check if patch is available for your Adobe Commerce issue using Quality Patches Tool.
For info about other patches available in QPT tool, refer to the Patches available in QPT tool section.