[Webkit-unassigned] [Bug 236227] REGRESSION (Safari 15): Cookies set with sameSite=None are not sent on cross domain requests
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Feb 8 19:49:12 PST 2022
https://bugs.webkit.org/show_bug.cgi?id=236227
John Wilander <wilander at apple.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WONTFIX
--- Comment #1 from John Wilander <wilander at apple.com> ---
(In reply to Tiago Duarte from comment #0)
> Created attachment 451077 [details]
> Subsequent request cookies after the cookie has been set
>
> I'm developing a react web app, and since I updated my Safari to v15 it
> stoped sending cookies with `sameSite=None` to different domains.
>
> In particular, while I'm developing using localhost and sending requests to
> a remote server, the cookie is not sent.
>
> The cookie is set like this:
> ```
> Set-Cookie: _staging_app_key=XYZ.XYZXYZXYZXYZ; path=/; expires=Tue, 08 Feb
> 2022 11:40:36 GMT; max-age=86400; secure; HttpOnly; SameSite=None
> ```
>
> But it is never sent in subsequent requests
Hi! Thanks for filing!
Cross-site, or third-party cookies have been blocked by default in Safari for two years: https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/
SameSite=none has never created an exception to third-party cookie blocking in Safari. It was mainly driven by the Chrome team since Chrome still allows third-party cookies by default.
If a third-party domain wants access to cookies, it should make use of the Storage Access API, explained under "How To Use the Storage Access API" here: https://webkit.org/blog/11545/updates-to-the-storage-access-api/
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220209/6417379e/attachment.htm>
More information about the webkit-unassigned
mailing list