[Webkit-unassigned] [Bug 188165] iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 4 22:17:23 PDT 2018


--- Comment #18 from Daniel Bates <dbates at webkit.org> ---
(In reply to Matt W from comment #16)
> Digging through the primary commits that added SameSite support
> (https://github.com/WebKit/webkit/commit/
> 91ac5b831f84731aad164b48d53007f6e82d60d2#diff-
> ffea2dff562d822fbb0d8096d94ead16), I haven't found any references to
> validating whether or not a cookie should be seen based on its HTTP Method,
> or even based on whether SameSite is Lax or Strict. Can any of the
> developers point us to the code where this decision is made, so that we can
> see how its implemented?

This logic is in CFNetwork. Its source is not public.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20181005/ca3fee7b/attachment.html>

More information about the webkit-unassigned mailing list