[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Feb 3 21:47:12 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=198181
--- Comment #29 from Jay Shaw <jason at engageify.com> ---
(In reply to achkim from comment #27)
> (In reply to billy.richardson from comment #24)
> > Hey Robert,
> > My team and I are in the same position as you.
> >
> > I am currently not sending the SameSite cookie attribute to the following
> > User Agents:
> >
> > ^.*iPhone; CPU iPhone OS 1[0-2].*$
> > ^.*iPad; CPU OS 1[0-2].*$
> > ^.*iPod touch; CPU iPhone OS 1[0-2].*$
> > ^.*Macintosh; Intel Mac OS X.*Version\/1[0-2].*Safari.*$
> >
> > This has been in place in our Production for several weeks without any user
> > complaints. As always, you should verify yourself too :)
> >
> > Regards,
> > Billy Richardson
>
> Hello Billy,
> can you te(In reply to billy.richardson from comment #24)
> > Hey Robert,
> > My team and I are in the same position as you.
> >
> > I am currently not sending the SameSite cookie attribute to the following
> > User Agents:
> >
> > ^.*iPhone; CPU iPhone OS 1[0-2].*$
> > ^.*iPad; CPU OS 1[0-2].*$
> > ^.*iPod touch; CPU iPhone OS 1[0-2].*$
> > ^.*Macintosh; Intel Mac OS X.*Version\/1[0-2].*Safari.*$
> >
> > This has been in place in our Production for several weeks without any user
> > complaints. As always, you should verify yourself too :)
> >
> > Regards,
> > Billy Richardson
>
> Hello,
> Billy sent me this response
> <If "%{HTTP_USER_AGENT} !~ /(iPhone; CPU iPhone OS 1[0-2]|iPad; CPU OS
> 1[0-2]|iPod touch; CPU iPhone OS 1[0-2]|Macintosh; Intel Mac OS
> X.*Version\x2F1[0-2].*Safari)/i">
> Header edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure
> </If>
>
> Here is a demo page I setup:
> https://demo.richardson.dev/safarisamesiteapache/
>
> If this helped, please share it with others!
>
> and i have made this one on headers
>
> - edit Set-Cookie ^(.*)$ $1;SameSite=None;Secure env=!BUG_SAME_SITE
> setenvif:
> - User-Agent ^.*iPhone; CPU iPhone OS 1[0-2].*$ BUG_SAME_SITE
> - User-Agent ^.*iPad; CPU OS 1[0-2].*$ BUG_SAME_SITE
> - User-Agent ^.*iPod touch; CPU iPhone OS 1[0-2].*$ BUG_SAME_SITE
> - User-Agent ^.*Macintosh; Intel Mac OS X.*Version\/1[0-2].*Safari.*$
> BUG_SAME_SITE
The regex doesn't seem to capture Safari 10.14.6... any fix for this?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200204/42a45b28/attachment-0001.htm>
More information about the webkit-unassigned
mailing list