[webkit-dev] Same-Site cookies by default

Patrick Griffis pgriffis at igalia.com
Fri Mar 6 13:07:22 PST 2020


Chromium has had the idea to treat all cookies as SameSite=Lax by
default as well as blocking SameSite=None over HTTP for a while now,
hidden behind a flag, and seem to be rolling this out soon.

The topic is discussed in detail here:
https://web.dev/samesite-cookies-explained/#changes-to-the-default-behavior-without-samesite

I just wondered if other developers had any thoughts on this move and
if/when WebKit should follow. The downside is of course compatibility
but the upside is improved privacy.


More information about the webkit-dev mailing list