Changes to Chrome will break fileDownload soon.

[arkytn]

The filedownload cookie needs to be modified to work with coming changes to Chrome.

A cookie associated with a resource at http://google.com/ was set with SameSite=None but without Secure. A future release of Chrome will only deliver cookies marked SameSite=None if they are also marked Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032T

Just need to document the cookie format for this problem.

Set-Cookie: fileDownload=true; path=/ Secure SameSite=None

[joshuapinter]

Just to be clear @arkytn, do we just need to adjust the cookie to be fileDownload=true; path=/ Secure SameSite=None?

[arkytn]

Here's an example from code I got working and this suppressed Chrome's warnings.

Set-Cookie: fileDownload=true; path=/; SameSite=None; Secure

[joshuapinter]

Thanks @arkytn. Two questions for you:

1. Do you happen to have a screenshot of the warning that Chrome provides? And What version of Chrome this starts appearing on?

2. Does it prevent the file from downloading? And/or does it prevent the AJAX call from returning successfully?

We're tracking down an issue with a client and we're trying to see if this is the issue or if it's something else.

Thanks!

[arkytn]

No it doesn't stop the download. At this point it's a warning. Warning message in Console:

A cookie associated with a cross-site resource at http://cloudflare.com/ was set without the SameSite attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with SameSite=None and Secure. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

[joshuapinter]

Awesome, thanks for the clarification!

[Darkicorn]

In jquery.fileDownload.js, in function checkFileDownloadComplete(), the line
var cookieData = settings.cookieName + "=; path=" + settings.cookiePath + "; expires=" + new Date(0).toUTCString() + ";";

needs to be
var cookieData = settings.cookieName + "=; path=" + settings.cookiePath + "; expires=" + new Date(0).toUTCString() + "; secure=true;";

i.e. add secure=true; to remove the warning in Firefox:

Cookie “fileDownload” will be soon rejected because it has the “SameSite” attribute set to “None” or an invalid value, without the “secure” attribute. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite jquery.fileDownload.js:356:5

Also, perhaps the comment on the previous line, //remove cookie, could be more descriptive.