[Webkit-unassigned] [Bug 198181] Cookies with SameSite=None or SameSite=invalid treated as Strict
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Sep 23 03:31:23 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=198181
ChristianV <Verdelli.christian at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |Verdelli.christian at gmail.co
| |m
--- Comment #43 from ChristianV <Verdelli.christian at gmail.com> ---
Does it mean that SPA Applications calling third-party APIs (with proper CORS set-up) that rely on cookies to properly work are broken ?
Something like the drawing to give you an idea.
abc.com api.net
+---------------+
+----------+ | |
| | (Ajax Requesto to API) | |
| | +------------------------------------------> | |
| | origin: abc.com | |
| | | |
| | (API Response with Cookie) | |
| | <-------------------------------------------+ | |
| | Access|Control|Allow|Credentials: true | |
| | Access-Control-Allow-Origin: https://abc.com | |
| | Cookie: myCookie ; domain=api.net | |
+----------+ +---------------+
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200923/64369103/attachment.htm>
More information about the webkit-unassigned
mailing list