I suppose this should work:
from selenium import webdriver
options = webdriver.ChromeOptions()
options.add_experimental_option('same-site-by-default-cookies
You saw it right.
As per the article Chrome browser pushes SameSite cookie security overhaul, Chrome has added SameSite support which will require web developers to control cookies to access cookies across sites, using the SameSite attribute of the Set-Cookie header, which can be Strict, Lax, or None.
In the Chromium Blog Improving privacy and security on the web @BenGalbraith [Director, Chrome Product Management] and @JustinSchuh [Director, Chrome Engineering] mentioned:
This change will enable users to clear all such cookies while leaving single domain cookies unaffected, preserving user logins and settings. It will also enable browsers to provide clear information about which sites are setting these cookies, so users can make informed choices about how their data is used.
This change also has a significant security benefit for users, protecting cookies from cross-site injection and data disclosure attacks like Spectre and CSRF by default. We also announced our plan to eventually limit cross-site cookies to HTTPS connections, providing additional important privacy protections for our users.
upar...@gmail.com in the discussion WebDriver mechanism to test samesite cookie security overhaul? demonstrated that you can enable the sameSite cookie flag using the localState experimental options of chromedriver through Selenium as follows:
ChromeOptions chromeOptions = new ChromeOptions();
HashMap<String, Object> chromeLocalStatePrefs = new HashMap<String, Object>();
List<String> experimentalFlags = new ArrayList<String>();
experimentalFlags.add("same-site-by-default-cookies@1");
experimentalFlags.add("cookies-without-same-site-must-be-secure@1");
chromeLocalStatePrefs.put("browser.enabled_labs_experiments",experimentalFlags);
chromeOptions.setExperimentalOption("localState", chromeLocalStatePrefs);
Tested on Chrome: Version 79.0.3945.130 (Official Build) (64-bit)
In Python you can use the code below:
from selenium import webdriver

chrome_options = webdriver.ChromeOptions()
# Enable both SameSite experiments through Chrome's Local State prefs
experimentalFlags = ['same-site-by-default-cookies@1', 'cookies-without-same-site-must-be-secure@1']
chromeLocalStatePrefs = {'browser.enabled_labs_experiments': experimentalFlags}
# chromedriver passes the "localState" option through to the browser profile
chrome_options.add_experimental_option('localState', chromeLocalStatePrefs)
driver = webdriver.Chrome(options=chrome_options)
driver.get("https://www.bing.com")
The Python Selenium client will send the capabilities as below:
[1579581631.792][INFO]: Starting ChromeDriver 79.0.3945.36 (3582db32b33893869b8c1339e8f4d9ed1816f143-refs/branch-heads/3945@{#614})
[1579581631.792][INFO]: Please protect ports used by ChromeDriver and related test frameworks to prevent access by malicious code.
[1579581632.264][INFO]: [f6b8433509c420fd317902f72b1d102d] COMMAND InitSession {
   "capabilities": {
      "alwaysMatch": {
         "browserName": "chrome",
         "goog:chromeOptions": {
            "args": [ ],
            "extensions": [ ],
            "localState": {
               "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
            }
         },
         "platformName": "any"
      },
      "firstMatch": [ {
      } ]
   },
   "desiredCapabilities": {
      "browserName": "chrome",
      "goog:chromeOptions": {
         "args": [ ],
         "extensions": [ ],
         "localState": {
            "browser.enabled_labs_experiments": [ "same-site-by-default-cookies@1", "cookies-without-same-site-must-be-secure@1" ]
         }
      },
      "platform": "ANY",
      "version": ""
   }
}
To check whether it actually worked or not, go to chrome://flags/
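
As an added example (not code from any of the answers above), this Python sketch predicts how Chrome handles a Set-Cookie header value once both flags are enabled, so the expected outcome can be compared with what the Selenium-driven browser actually stores. The function names and the sample headers are constructed for illustration.

```python
from typing import NamedTuple, Optional


class Verdict(NamedTuple):
    name: str
    effective_samesite: Optional[str]  # None when the cookie is rejected
    accepted: bool
    reason: str


def classify_set_cookie(header_value: str) -> Verdict:
    """Apply the behaviour of both flags to one Set-Cookie header value."""
    parts = [p.strip() for p in header_value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    secure = "secure" in attrs
    declared = attrs.get("samesite", "").lower()

    if declared not in ("strict", "lax", "none"):
        # same-site-by-default-cookies: no SameSite attribute means Lax.
        # This sketch treats an unrecognised value the same as a missing one.
        return Verdict(name, "Lax", True, "no valid SameSite, defaulted to Lax")
    if declared == "none" and not secure:
        # cookies-without-same-site-must-be-secure: SameSite=None needs Secure.
        return Verdict(name, None, False, "SameSite=None without Secure, rejected")
    return Verdict(name, declared.capitalize(), True, "explicit SameSite honoured")


# Constructed sample input: one Set-Cookie value per line.
SAMPLE_HEADERS = [
    "sid=abc123; Path=/; HttpOnly",
    "track=xyz; SameSite=None",
    "embed=1; SameSite=None; Secure",
    "csrf=tok; SameSite=Strict; Secure",
]


def audit(headers):
    """Classify every header and return the verdicts in order."""
    return [classify_set_cookie(h) for h in headers]


if __name__ == "__main__":
    for v in audit(SAMPLE_HEADERS):
        state = v.effective_samesite if v.accepted else "REJECTED"
        print(f"{v.name:6} {state:9} {v.reason}")
```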