Skip to main content

The Adobe Commerce Support Knowledge Base has migrated to the Adobe Commerce Documentation section of Adobe Experience League.
Click Support Knowledge Base to access our new Knowledge Base Home.
Knowledge Base articles, as well as other Commerce documentation, will be still searchable and available when creating support tickets from the Adobe Commerce Help Center.

This page has moved to Adobe Experience League and will be redirected soon.

MC-41359 commerce patch: missing settings SameSite cookie param

  • Updated

MC-41359 commerce patch: missing settings SameSite cookie param

The MC-41359 commerce patch fixes the issue with missing SameSite cookie parameters settings. This patch is available when the Quality Patches Tool (QPT) 1.0.20 is installed. The patch ID is MC-41359. Please note that the issue is scheduled to be fixed in Adobe Commerce 2.4.3.

Affected products and versions

The patch is created for Adobe Commerce version: Adobe Commerce on cloud infrastructure 2.4.2

Compatible with Adobe Commerce versions: Adobe Commerce on-premises and Adobe Commerce on cloud infrastructure 2.3.6-p1, 2.4.2, 2.4.2-p1

NOTE

The patch might become applicable to other versions with new Quality Patches Tool releases. To check if the patch is compatible with your Adobe Commerce version, update the magento/quality-patches package to the latest version and check the compatibility on the QPT landing page. Use the patch ID as a search keyword to locate the patch.

Issue

Missing settings of the SameSite cookie parameter.

Steps to reproduce:

Prerequisites:

  • Open Chrome and go to chrome://flags/
  • Enable SameSite by default cookies and Cookies without SameSite must be secure.
  • Open the Chrome inspector.

Scenario 1:

  1. Enable PayPal.
  2. Go to the store front.
  3. Add a product to the cart.
  4. Go to checkout.

Scenario 2:

If you have New Relic enabled the warning appears on any frontend page.

Actual result:

Warning message in the browser console: A cookie associated with a cross-site resource was set without a SameSite attribute.

Expected result:

"lax" should not be added to the cookie domain; the samesite attribute should be present with default value.

Apply the patch

To apply individual patches, use the following links depending on your deployment method:

To learn more about Quality Patches Tool, refer to:

For info about other patches available in QPT tool, refer to Patches available in QPT tool in our developer documentation.

Was this article helpful?
0 out of 0 found this helpful
Return to top