[Webkit-unassigned] [Bug 267273] [Soup]: document.cookie= sameSite default value has changed to Lax
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 22 13:13:51 PST 2024
https://bugs.webkit.org/show_bug.cgi?id=267273
--- Comment #1 from Patrick Griffis <pgriffis at igalia.com> ---
I'm slightly confused because all Google documentation suggests they are Lax by default:
https://www.chromium.org/updates/same-site/?pli=1#20210318]-
However in testing Chrome indeed is not Lax by default.
Firefox is also not Lax by default but prints a warning:
> Cookie “custom_cookie” does not have a proper “SameSite” attribute value. Soon, cookies without the “SameSite” attribute or with an invalid value will be treated as “Lax”. This means that the cookie will no longer be sent in third-party contexts. If your application depends on this cookie being available in such contexts, please add the “SameSite=None“ attribute to it. To know more about the “SameSite“ attribute, read https://developer.mozilla.org/docs/Web/HTTP/Headers/Set-Cookie/SameSite
So libsoup may have been premature in making this change.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20240122/9514bc00/attachment.htm>
More information about the webkit-unassigned
mailing list