[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict

bugzilla-daemon at webkit.org
Thu May 23 15:12:02 PDT 2019


https://bugs.webkit.org/show_bug.cgi?id=198181

--- Comment #2 from Daniel Bates <dbates at webkit.org> ---
(In reply to Mike West from comment #1)
> The patch in https://bugs.webkit.org/show_bug.cgi?id=196927 is only
> addressing the way cookies are rendered in WebKit's Inspector. I suspect
> that the underlying behavior is in `NSHTTPCookie`, and will require someone
> with access to that code to dig into the parser a bit.
> 

Yep, and it has already been fixed if I am remembering correctly. Fix may not have shipped yet.

> FWIW, Chrome, Firefox, and Edge (old and new) all treat
> `SameSite=UnknownValue` as though the `SameSite` attribute wasn't present.
> That's fairly forward-compatible for cases in which we decide collectively
> that a new value is reasonable to add.
> 
> Would it be possible for y'all to revisit this behavior? It's going to make
> shipping https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> somewhat difficult for developers to handle without carving out special
> behavior for Safari, for example.
> 

Wait, I haven’t seen “None” before. If this does something other than nothing (i.e. implementer does not even need to parse ‘n’, ‘o’, ‘n’, ‘e’), then ^^^ is enough. If there is any other visible change then CFNetwork will need to be involved and we need a radar, which you can create yourself assigned to the right place (I think) at bugreport.apple.com. Ehh, as I type this, I guess it's not much work to CC the WebKit-radar-importer and then do a radar dance internally 😕

> /cc dbates@, wilander@, joepeck at .
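
The two ways of handling an unrecognized `SameSite` value that this thread contrasts, as an added example (not part of the original message, and not code from WebKit, CFNetwork or any browser). The function names, policy labels and sample `Set-Cookie` headers are constructed for illustration.

```javascript
// Model of two parser policies for an unrecognized SameSite value.
// Illustrative only: names and policy labels are hypothetical.
const KNOWN = new Set(["strict", "lax"]); // values a pre-"None" parser recognizes

// Return the raw SameSite attribute value from a Set-Cookie header, or null.
function rawSameSite(setCookie) {
  for (const part of setCookie.split(";").slice(1)) {
    const [name, ...rest] = part.split("=");
    if (name.trim().toLowerCase() === "samesite") return rest.join("=").trim();
  }
  return null;
}

// "ignore-unknown":    unknown value is handled as if the attribute were absent
//                      (what the thread says Chrome, Firefox and Edge do).
// "unknown-is-strict": unknown value is enforced as Strict
//                      (the behaviour this bug reports).
function effectiveSameSite(setCookie, policy) {
  const raw = rawSameSite(setCookie);
  if (raw === null) return "unset";
  const value = raw.toLowerCase();
  if (KNOWN.has(value)) return value;
  return policy === "unknown-is-strict" ? "strict" : "unset";
}

// In this model only a cookie with no effective SameSite restriction is
// attached to a cross-site subresource request.
function sentCrossSite(setCookie, policy) {
  return effectiveSameSite(setCookie, policy) === "unset";
}

// Constructed sample headers.
const samples = [
  "sid=abc; Secure; SameSite=None",
  "sid=abc; Secure; SameSite=UnknownValue",
  "sid=abc; Secure; SameSite=Lax",
  "sid=abc; Secure",
];
for (const header of samples) {
  for (const policy of ["ignore-unknown", "unknown-is-strict"]) {
    console.log(header, "|", policy, "|", effectiveSameSite(header, policy),
      "| cross-site:", sentCrossSite(header, policy));
  }
}
```

Under the `unknown-is-strict` policy a cookie that a site marks `SameSite=None` to keep it available in cross-site contexts is withheld there instead, which is the compatibility problem comment #1 raises.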
