[Webkit-unassigned] [Bug 201646] New: Cookie sameSite Lax setting and .lan domains

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=201646

            Bug ID: 201646
           Summary: Cookie sameSite Lax setting and .lan domains
           Product: WebKit
           Version: Safari 12
          Hardware: Macintosh
                OS: macOS 10.14
            Status: NEW
          Severity: Major
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ngoff at clearlyrated.com

I am uncertain if this is with WebKit or something deeper at the OS level.  Our internal development environment uses .lan tld for all of our development servers.  With the latest release of Safari and Mojave we have found that cookies are not being sent along by the browser with our ajax calls when we have the sameSite setting set to Lax.  If we don't set it then everything works as normal.  This appears to be a bug as we are always on the same site when this issue occurs, so it is confusing why it would determine it should not send them along.  We do not see this issue in our production systems where we are using a traditional .com tld.  It almost seems like the browser has determined .lan to not be 'safe enough' and therefore is not passing along the cookies like it should.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20190910/4d569dc8/attachment-0001.html>