1. Adobe Commerce Help Center
  2. Support Tools
  3. Patches available in QPT tool

Articles in this section

See more

MC-41359 commerce patch: missing settings SameSite cookie param

  • Created
  • Updated

The MC-41359 commerce patch fixes the issue with missing SameSite cookie parameters settings. This patch is available when the Quality Patches Tool (QPT) 1.0.20 is installed. The patch ID is MC-41359. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.3.

Affected products and versions

The patch is created for Adobe Commerce version: Adobe Commerce on our cloud infrastructure 2.4.2

Compatible with Adobe Commerce versions: Adobe Commerce and Adobe Commerce on our cloud Infrastructure 2.3.6-p1, 2.4.2, 2.4.2-p1

Note: the patch might become applicable to other versions with new QPT tool releases. To check if the patch is compatible with your Magento version, run ./vendor/bin/magento-patches status.

Issue

Missing settings of the SameSite cookie parameter.

Steps to reproduce:

Prerequisites:

  • Open Chrome and go to chrome://flags/
  • Enable SameSite by default cookies and Cookies without SameSite must be secure.
  • Open the Chrome inspector.

Scenario 1:

  1. Enable PayPal.
  2. Go to the store front.
  3. Add a product to the cart.
  4. Go to checkout.

Scenario 2:

If you have New Relic enabled the warning appears on any frontend page.

Actual result:

Warning message in the browser console: A cookie associated with a cross-site resource was set without a SameSite attribute.

Expected result:

"lax" should not be added to the cookie domain; the samesite attribute should be present with default value.

Apply the patch

For instructions on how to apply an QPT patch, use the following links depending on your Magento product:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT tool, refer to the Patches available in QPT tool section.

Was this article helpful?
0 out of 0 found this helpful
Return to top

Related articles