[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 23 13:08:36 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=198181
Mike West <mkwst at chromium.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dbates at webkit.org,
| |joepeck at webkit.org,
| |mkwst at chromium.org,
| |wilander at apple.com
--- Comment #1 from Mike West <mkwst at chromium.org> ---
The patch in https://bugs.webkit.org/show_bug.cgi?id=196927 is only addressing the way cookies are rendered in WebKit's Inspector. I suspect that the underlying behavior is in `NSHTTPCookie`, and will require someone with access to that code to dig into the parser a bit.
FWIW, Chrome, Firefox, and Edge (old and new) all treat `SameSite=UnknownValue` as though the `SameSite` attribute wasn't present. That's fairly forward-compatible for cases in which we decide collectively that a new value is reasonable to add.
Would it be possible for y'all to revisit this behavior? It's going to make shipping https://tools.ietf.org/html/draft-west-cookie-incrementalism-00 somewhat difficult for developers to handle without carving out special behavior for Safari, for example.
/cc dbates@, wilander@, joepeck at .
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190523/698d7503/attachment.html>
More information about the webkit-unassigned
mailing list