Chrome blocking Vaadin Cookies - again!

Ulrich27 · June 23, 2020, 8:42am

Hi all,

I am not able to load my Vaadin application in Chrome, because it says that cookies are blocked.
However, Cookies are enabled, no extensions are installed, the cache and all cookies are cleared, I hard-reloaded the page, I restarted the application etc. etc.

Basically, I’ve tried every suggestion I could find on Google, but none worked. My Chrome version is 79.0.3945.130 and the problem appeared overnight.

And I should add that this problem only appears in development mode when running on localhost. The application, when deployed on a remote server and running in production mode, works just fine.

Mauricio48 · September 12, 2020, 11:50pm

Yes! Same here! Any news? Please, help us!

Syam3 · September 13, 2020, 7:28pm

What is the effect if you use 0.0.0.0 instead of localhost?

Ulrich.1 · September 14, 2020, 7:06am

I had the issue again a couple of days ago with Chrome 85.0.4183.102, but this time I could resolve it by clearing the cookie cache.

Mauricio48 · September 15, 2020, 4:42am

Syam Pillai:
What is the effect if you use 0.0.0.0 instead of localhost?

Well, let me be more specific. My App is inside Joomla iFrame and in another server (my server app does not have a name, only IP).

Imagine:

Server A running php JOOMLA, ip a.a.a.a, dns ServerA

Server B running my Vaadin App under Tomcat ip b.b.b.b, no dns

in ServerA there is an page with iframe pointing to b.b.b.b/myVaadinApp

I don’t understand where testing 0.0.0.0 would help us…do you?

Thank you anyway!

Syam3 · September 15, 2020, 5:15am

Chrome treats cookies differently when 0.0.0.0 is used instead of localhost. That’s why.

Mauricio48 · September 15, 2020, 6:24am

Syam Pillai:
Chrome treats cookies differently when 0.0.0.0 is used instead of localhost. That’s why.

Hum…but in my case it won’t help me, right?

Thank You!

Ulrich.1 · September 15, 2020, 6:53am

Your setup is a bit more involved than usual - can you eliminate Joomla and reproduce with Chrome/Vaadin only? If yes, then the next step could be to install your OS and Chrome from scratch on a virtual machine and if that works, then my bet is that somehow your Chrome cookies aren’t properly cleared.

knoobie · September 19, 2020, 7:32am

This is probably related to the change of Google’s Chrome about SameSite Cookies: https://blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html

Ulrich.1 · September 19, 2020, 3:44pm

If that is so, does that mean that something needs to be fixed in the Vaadin framework? Or do I have to change anything in my app?

knoobie · September 19, 2020, 4:21pm

Sorry, my idea was related to the complex setup above with vaadin running inside an iframe. (there it could be solved from e.g. apache adding the missing SameSite attribute if it’s the culprit) This shouldn’t be the case for your setup!