[Webkit-unassigned] [Bug 245275] New: submitting html contact form with csrf cookie
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 16 07:36:51 PDT 2022
https://bugs.webkit.org/show_bug.cgi?id=245275
Bug ID: 245275
Summary: submitting html contact form with csrf cookie
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: wgordonw1 at gmail.com
There are legitimate use cases for contact/feedback/survey/etc forms to be hosted on one domain and shared amongst many partner domains.
The current ITP workflow makes this very difficult and prevents a seamless experience.
Please consider allowing user initiated form submissions (i.e. from clicking a "submit" button) from third party iFrames to submit with CSRF cookies. Surely basic html forms don't need to be restricted so aggressively that they prevent this use case? Perhaps cookies could be forced as HttpOnly in third-party context for forms?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20220916/a6d967f0/attachment.htm>
More information about the webkit-unassigned
mailing list