[Webkit-unassigned] [Bug 219650] New: Cookies set with SameSite=Lax are not sent in redirects Safari

Tue Dec 8 12:23:08 PST 2020

https://bugs.webkit.org/show_bug.cgi?id=219650

            Bug ID: 219650
           Summary: Cookies set with SameSite=Lax are not sent in
                    redirects Safari
           Product: WebKit
           Version: Safari 14
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: New Bugs
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: zimbabao at gmail.com

We do Oauth redirect in a popup opened using window.open. Outh redirect from accounts.google.com redirects to our domain and we do 2 more redirects but these redirect does not send `SameSite: Lax` cookies from our domain.

This works on chrome on Firefox.

As per my understanding SameSite: Lax should be working incase of redirects.

Is there any reason why Chrome/FF and Safari deviate in this behavior.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20201208/a386c8ce/attachment.htm>