[Webkit-unassigned] [Bug 272986] New: Cookies with SameSite=Strict should not be sent if a redirect is cross-site

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 19 08:34:48 PDT 2024


https://bugs.webkit.org/show_bug.cgi?id=272986

            Bug ID: 272986
           Summary: Cookies with SameSite=Strict should not be sent if a
                    redirect is cross-site
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: pgriffis at igalia.com

As the spec states https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-rfc6265bis#section-5.2

> The request is not the result of a cross-site redirect. That is, the origin of every url
> in the request's url list is same-site with the request's current url's origin.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240419/6acca40b/attachment.htm>


More information about the webkit-unassigned mailing list