On Thursday, May 23, 2019 at 4:34:14 AM UTC-4, Andrea Marchesini wrote:
> Link to the proposal:
> https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
>
> Summary:
> "1. Treat the lack of an explicit "SameSite" attribute as
> "SameSite=Lax". That is, the "Set-Cookie" value "key=value" will
> produce a cookie equivalent to "key=value; SameSite=Lax".
> Cookies that require cross-site delivery can explicitly opt-into
> such behavior by asserting "SameSite=None" when creating a
> cookie.
> 2. Require the "Secure" attribute to be set for any cookie which
> asserts "SameSite=None" (similar conceptually to the behavior for
> the "__Secure-" prefix). That is, the "Set-Cookie" value
> "key=value; SameSite=None; Secure" will be accepted, while
> "key=value; SameSite=None" will be rejected."
>
> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798
>
> Platform coverage: all
>
> Estimated or target release: 69 - behind pref
>
> Preferences behind which this will be implemented:
> - network.cookie.sameSite.laxByDefault
> - network.cookie.sameSite.noneRequiresSecure (this requires the previous
> one to be set to true)
>
> Is this feature enabled by default in sandboxed iframes? yes.
>
> Do other browser engines implement this?
> - Chrome is implementing/experimenting this feature:
> https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
> - Safari: no signal yet.
>
> web-platform-tests: There is a pull-request
> https://github.com/web-platform-tests/wpt/pull/16957
> Implementing this feature, I added a mochitest to inspect cookies via
> CookieManager.
>
> Is this feature restricted to secure contexts? no
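The two rules in the quoted summary, and the dependency between the two prefs, as an added example that is not part of the original message or of Firefox's code. The function name `evaluateSetCookie` and the `prefs` keys are hypothetical, and the parsing is a simplified sketch rather than a full `Set-Cookie` parser.

```javascript
// Added illustration, not Firefox source. evaluateSetCookie and the prefs
// object keys are hypothetical names mirroring the two prefs in the intent.
function evaluateSetCookie(setCookieValue, prefs = {}) {
  const laxByDefault = prefs.laxByDefault === true;
  // The intent states noneRequiresSecure requires laxByDefault to be true.
  const noneRequiresSecure = laxByDefault && prefs.noneRequiresSecure === true;

  const [pair, ...attrs] = setCookieValue.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return { accepted: false, reason: "sketch only handles name=value" };

  let secure = false;
  let asserted = null; // SameSite value the server explicitly set, if any
  for (const attr of attrs) {
    const [rawName, rawVal = ""] = attr.split("=");
    const name = rawName.trim().toLowerCase();
    const val = rawVal.trim().toLowerCase();
    if (name === "secure") secure = true;
    // Assumption of this sketch: unrecognised values count as "not set".
    if (name === "samesite" && ["strict", "lax", "none"].includes(val)) {
      asserted = val[0].toUpperCase() + val.slice(1);
    }
  }

  // Rule 2: an explicit SameSite=None without Secure is rejected.
  if (noneRequiresSecure && asserted === "None" && !secure) {
    return { accepted: false, reason: "SameSite=None requires Secure" };
  }
  // Rule 1: no explicit attribute means Lax; with the pref off, the cookie
  // keeps the older unrestricted (cross-site) behaviour, shown here as "None".
  const sameSite = asserted ?? (laxByDefault ? "Lax" : "None");
  return { accepted: true, name: pair.slice(0, eq), value: pair.slice(eq + 1),
           sameSite, secure, explicit: asserted !== null };
}

// Constructed sample inputs, taken from the strings in the quoted summary.
const bothOn = { laxByDefault: true, noneRequiresSecure: true };
for (const v of ["key=value", "key=value; SameSite=None; Secure", "key=value; SameSite=None"]) {
  console.log(v, "->", JSON.stringify(evaluateSetCookie(v, bothOn)));
}
```

Running the same three strings with `laxByDefault` off shows which existing cookies change behaviour once the prefs are flipped, which is the audit a site owner would do before the defaults ship.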