We are pleased to annouce a new Snowplow JavaScript Tracker release 2.14.0.
2.14.0 is available on GitHub releases.
Version 2.14.0 introduces improvements to cookie handling in the JavaScript tracker. With this release, the SameSite and Secure attributes can now be configured when using cookies as a storage method and there are now default values set for these attributes.
With the recent changes in Chrome 80 with regards to the SameSite cookie attribute, see our blog post, it has become important in cetain scenarios to be able to control the attributes on your cookies that are set by the JavaScript tracker.
Two new initialisation options have been introduced to allow the cookie attributes to be controlled.
cookieSameSite allows for the SameSite attribute of the cookie to be set. This can be Strict, Lax, None or null. The default is None. Using null will not set the SameSite attribute.
cookieSecure allows for the Secure attribute to be toggled. This can be true or false. The default is true.
The default options will generate cookies with SameSite=None; Secure attributes. We believe this will fit the majority of cases, including within HTTPS third party iframes.
You may wish to set cookieSameSite to Lax which will increase your users privacy. N.B This option will not work if using the tracker inside a third party iframe but should work in all other circumstances.
Additionally, if you wish for the cookies to work on non-secure HTTP then you must set cookieSecure to false and cookieSameSite to Lax or null.
Full Changelog:
- Fix SameSite cookie warning for storage Cookies (#795)