Some cookies are misusing the recommended “sameSite“ attribute

DBauszus · June 9, 2020, 2:23pm

Ghost uses unpkg to load some resources. For example the content-api script.

unpkg requires cookies which should be set with the same site property.

Currently this causes warnings in Firefox and Chrome. Future versions however may not support these calls.

Hannah · June 9, 2020, 2:29pm

@DBauszus Can you provide screenshots and show us where you’re seeing this?

Nothing in Ghost itself uses the Content API script, sounds like it might be a 3rd party issue

DBauszus · June 9, 2020, 2:49pm

For example the landing page of our blog.

https://blog.geolytix.net/

We are loading the content-api from this link:

https://unpkg.com/@tryghost/content-api@1.3.4/umd/content-api.min.js

The warning looks like this:

DBauszus · June 9, 2020, 2:59pm

I got the link from here… Looks to be genuine ghost information.

https://ghost.org/docs/api/v3/javascript/content/

Hannah · June 9, 2020, 5:18pm

Those warnings are clearly indicating 3 google cookies and all from analytics.js. These are problems to do with Google Tag Manager and Google Analytics. Nothing to do with Ghost, the content API or unpkg.com.

Topic		Replies	Views
Mixed content warning Developer help	4	2339	May 14, 2018
Content api filter does not work as expected Developer help	2	567	July 29, 2020
2x Ghost SEO issues (SEMrush Site Audit errors/warnings) Developer help	2	1135	February 6, 2019
HTTP mixed content error with publication logo - Ghost 4.0 Using Ghost	6	1070	June 6, 2021
Help with understanding how tracker scripts work Developer help	3	406	September 23, 2021

Some cookies are misusing the recommended “sameSite“ attribute

Related Topics