[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict

Fri Jun 28 07:52:33 PDT 2019

https://bugs.webkit.org/show_bug.cgi?id=198181

--- Comment #16 from John Wilander <wilander at apple.com> ---
(In reply to Mike West from comment #14)
> (In reply to Joseph Pecoraro from comment #13)
> > Great! Can we mark this as resolved?
> 
> Yes. It's fixed in y'all's codebase. Now we're just waiting for deployment.
> Thank you!
> 
> Note that Chrome is currently targeting ~M80 (February) to push a
> `SameSite=None` requirement on third-party cookies
> (https://www.chromestatus.com/feature/5088147346030592). That seems like
> it'll be enough time for a critical mass of Safari users to upgrade to macOS
> 10.15 and iOS 13. It still leaves folks whose devices supported Safari 12
> but won't support Safari 13 in a somewhat uncomfortable position, and we're
> likely going to need to recommend UA sniffing to avoid harm to that
> population.
> 
> If y'all could work out a way to get the underlying network stack change
> into a point release of either or both macOS 10.14 and iOS 12, it would both
> make that timeline more solid, and potentially allow us to be more
> aggressive with the timeline generally with less risk.
> 
> Thanks again for your help here!

I filed rdar://52330350 for investigating a backport of the network stack change.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190628/e1f68f9b/attachment-0001.html>