[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict

Fri Jun 28 03:13:57 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=198181

Mike West <mkwst at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #14 from Mike West <mkwst at chromium.org> ---
(In reply to Joseph Pecoraro from comment #13)
> Great! Can we mark this as resolved?

Yes. It's fixed in y'all's codebase. Now we're just waiting for deployment. Thank you!

Note that Chrome is currently targeting ~M80 (February) to push a `SameSite=None` requirement on third-party cookies (https://www.chromestatus.com/feature/5088147346030592). That seems like it'll be enough time for a critical mass of Safari users to upgrade to macOS 10.15 and iOS 13. It still leaves folks whose devices supported Safari 12 but won't support Safari 13 in a somewhat uncomfortable position, and we're likely going to need to recommend UA sniffing to avoid harm to that population.

If y'all could work out a way to get the underlying network stack change into a point release of either or both macOS 10.14 and iOS 12, it would both make that timeline more solid, and potentially allow us to be more aggressive with the timeline generally with less risk.

Thanks again for your help here!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190628/deb181b9/attachment.html>