[Webkit-unassigned] [Bug 265634] New: Samesite=Lax is not always working in Safari

Fri Dec 1 00:39:40 PST 2023

https://bugs.webkit.org/show_bug.cgi?id=265634

            Bug ID: 265634
           Summary: Samesite=Lax is not always working in Safari
           Product: WebKit
           Version: Safari 17
          Hardware: Unspecified
               URL: https://github.com/edimoldovan/safari-cookies-test
                OS: Unspecified
            Status: NEW
          Keywords: BrowserCompat
          Severity: Normal
          Priority: P2
         Component: WebKit2
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: karlcow at apple.com
                CC: kkinnunen at apple.com

In Bug 255524 There is a long thread of discussions around the fact that some users have issues with cookies not working.

Most of the time, developers have been able to solve it by setting Samesite = None instead of Samesite = Lax. This is not an acceptable solution, security wise. 

ed created a demo for reproducing the issue. See Bug 255524 Comment #75
https://github.com/edimoldovan/safari-cookies-test

Additional Notes:
- localhost with no proxy running
- someone says that this happening with iframes. 

The WebKit opened this bug to continue the investigation and possibly tries to identify the culprit.

Todo:
* Trying to get to a point where we can reliably reproduce the bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20231201/850ad49b/attachment.htm>