[Webkit-unassigned] [Bug 208049] Javascript can't access a SameSite=Strict cookie after page is loaded after a redirect from a third party site

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Feb 23 08:18:56 PST 2020


https://bugs.webkit.org/show_bug.cgi?id=208049

--- Comment #5 from John Wilander <wilander at apple.com> ---
(In reply to Aleksei from comment #3)
> 1. Yes. 
> 2. Safari 13.0.5, MacOS 10.14.6
> 3. I don't know, didn't use Strict cookies before.
> 4. Yes, Google Chrome behaves as expected. Latest Firefox though also has
> this bug.

When you say “as expected,” do you mean by spec? It was a long while since I read the particulars of SameSite cookies. Two engines doing it one way and one doing it another may otherwise imply the opposite of what you’re saying.

> 5. My bad. It's a typo. Line `GET
> https://accounts.spotify.com/login?continue=https://*.spotify.net HTTP/1.1`
> should be replaced with `GET
> https://accounts.spotify.com/
> authorize?client_id=<client_id>&redirect_uri=https%3A%2F%2Fsome-integration.
> com%2Fsuccess HTTP/1.1`
> 
> So, spotify.net domain isn't important in this case. Just a redirect from
> https://some-integration.com to https://accounts.spotify.com matters.

Got it. Thanks!
