We are pleased to annouce a new Snowplow JavaScript Tracker release 2.14.0
.
2.14.0
is available on GitHub releases.
Version 2.14.0 introduces improvements to cookie handling in the JavaScript tracker. With this release, the SameSite and Secure attributes can now be configured when using cookies as a storage method and there are now default values set for these attributes.
With the recent changes in Chrome 80 with regards to the SameSite cookie attribute, see our blog post, it has become important in cetain scenarios to be able to control the attributes on your cookies that are set by the JavaScript tracker.
Two new initialisation options have been introduced to allow the cookie attributes to be controlled.
cookieSameSite
allows for the SameSite attribute of the cookie to be set. This can be Strict
, Lax
, None
or null
. The default is None
. Using null
will not set the SameSite attribute.
cookieSecure
allows for the Secure attribute to be toggled. This can be true
or false
. The default is true
.
The default options will generate cookies with SameSite=None; Secure
attributes. We believe this will fit the majority of cases, including within HTTPS third party iframes.
You may wish to set cookieSameSite
to Lax
which will increase your users privacy. N.B This option will not work if using the tracker inside a third party iframe but should work in all other circumstances.
Additionally, if you wish for the cookies to work on non-secure HTTP then you must set cookieSecure
to false
and cookieSameSite
to Lax
or null
.
Full Changelog:
- Fix SameSite cookie warning for storage Cookies (#795)