[Webkit-unassigned] [Bug 236227] REGRESSION (Safari 15): Cookies set with sameSite=None are not sent on cross domain requests

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 8 19:49:12 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=236227

John Wilander <wilander at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |WONTFIX

--- Comment #1 from John Wilander <wilander at apple.com> ---
(In reply to Tiago Duarte from comment #0)
> Created attachment 451077 [details]
> Subsequent request cookies after the cookie has been set
> 
> I'm developing a react web app, and since I updated my Safari to v15 it
> stoped sending cookies with `sameSite=None` to different domains.
> 
> In particular, while I'm developing using localhost and sending requests to
> a remote server, the cookie is not sent.
> 
> The cookie is set like this:
> ```
> Set-Cookie: _staging_app_key=XYZ.XYZXYZXYZXYZ; path=/; expires=Tue, 08 Feb
> 2022 11:40:36 GMT; max-age=86400; secure; HttpOnly; SameSite=None
> ```
> 
> But it is never sent in subsequent requests

Hi! Thanks for filing!

Cross-site, or third-party cookies have been blocked by default in Safari for two years: https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/

SameSite=none has never created an exception to third-party cookie blocking in Safari. It was mainly driven by the Chrome team since Chrome still allows third-party cookies by default.

If a third-party domain wants access to cookies, it should make use of the Storage Access API, explained under "How To Use the Storage Access API" here: https://webkit.org/blog/11545/updates-to-the-storage-access-api/

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220209/6417379e/attachment.htm>

More information about the webkit-unassigned mailing list