[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 24 00:20:13 PDT 2019
https://bugs.webkit.org/show_bug.cgi?id=198181
--- Comment #6 from Mike West <mkwst at chromium.org> ---
(In reply to Daniel Bates from comment #5)
> Then it sounds like the inspector patch is wrong (I haven’t looked at it).
+joepeck at .
> Lost the context... What does Safari need to change? Can you please
> re-contextify me 🙂.
It sounds like shipping the fix from rdar://problem/42290578 would be sufficient. Just because I'm not familiar with y'all's release process: does a `CFNetwork` update require an OS update, or do you bundle it with Safari pushes? Likewise, I imagine it would require changes in both macOS and iOS?
I recognize that it's difficult to make predictions about the future, but we're trying to figure out a reasonable timeline for shifting to `SameSite=Lax` by default, and it would be lovely to not break Safari users as we do it. If this is a fix that will be widely-deployed soon, great! If not, we might need to rethink our plans (possibly requiring adding more complexity to cookies with some additional attribute that Safari would safely ignore). I'd kinda like to avoid doing that if possible...
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190524/7b0b639f/attachment.html>
More information about the webkit-unassigned
mailing list