Re: Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure

2020-06-02 Thread rabixwolf2017
On Thursday, May 23, 2019 at 2:34:14 (UTC-6), Andrea Marchesini wrote:
> Link to the proposal:
> https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> 
> Summary:
>   "1.  Treat the lack of an explicit "SameSite" attribute as
>        "SameSite=Lax".  That is, the "Set-Cookie" value "key=value" will
>        produce a cookie equivalent to "key=value; SameSite=Lax".
>        Cookies that require cross-site delivery can explicitly opt-into
>        such behavior by asserting "SameSite=None" when creating a
>        cookie.
>    2.  Require the "Secure" attribute to be set for any cookie which
>        asserts "SameSite=None" (similar conceptually to the behavior for
>        the "__Secure-" prefix).  That is, the "Set-Cookie" value
>        "key=value; SameSite=None; Secure" will be accepted, while
>        "key=value; SameSite=None" will be rejected."
> 
> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798
> 
> Platform coverage: all
> 
> Estimated or target release: 69 - behind pref
> 
> Preferences behind which this will be implemented:
>  - network.cookie.sameSite.laxByDefault
>  - network.cookie.sameSite.noneRequiresSecure (this requires the previous
> one to be set to true)
> 
> Is this feature enabled by default in sandboxed iframes? yes.
> 
> Do other browser engines implement this?
>  - Chrome is implementing/experimenting with this feature:
> https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
>  - Safari: no signal yet.
> 
> web-platform-tests: There is a pull-request
> https://github.com/web-platform-tests/wpt/pull/16957
> Implementing this feature, I added a mochitest to inspect cookies via
> CookieManager.
> 
> Is this feature restricted to secure contexts? no

___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
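
Added example, not part of the original message and not Firefox code: a small model of the two rules quoted above, showing how a Set-Cookie value is treated under each combination of the two prefs. The pref names come from the message; the function names and sample headers are assumptions made for this illustration.

```javascript
// Added illustration of the two quoted rules; not Firefox code.
// Pref names are from the message; function names are hypothetical.
const LAX_PREF = "network.cookie.sameSite.laxByDefault";
const NONE_SECURE_PREF = "network.cookie.sameSite.noneRequiresSecure";

// Split a Set-Cookie value into name, value and a lowercase attribute map.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = Object.create(null);
  for (const attr of rest.filter(Boolean)) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return {
    name: eq === -1 ? "" : pair.slice(0, eq),
    value: eq === -1 ? pair : pair.slice(eq + 1),
    attrs,
  };
}

// Decide how a cookie is stored (or rejected) under the two prefs.
function evaluateCookie(header, prefs) {
  const { name, value, attrs } = parseSetCookie(header);
  const laxByDefault = prefs[LAX_PREF] === true;
  // Per the message, noneRequiresSecure needs laxByDefault to be true as well.
  const noneRequiresSecure = laxByDefault && prefs[NONE_SECURE_PREF] === true;
  const raw = typeof attrs.samesite === "string" ? attrs.samesite.toLowerCase() : "";
  // Simplification of this example: an unrecognized value counts as missing.
  const explicit = ["strict", "lax", "none"].includes(raw) ? raw : null;
  if (explicit === "none" && noneRequiresSecure && !("secure" in attrs)) {
    return { accepted: false, reason: "SameSite=None without Secure" };
  }
  // Without the pref, a cookie with no attribute keeps cross-site delivery.
  const sameSite = explicit ?? (laxByDefault ? "lax" : "none");
  return { accepted: true, name, value, sameSite, defaulted: explicit === null };
}

// Constructed sample headers, evaluated with both prefs enabled.
const bothOn = { [LAX_PREF]: true, [NONE_SECURE_PREF]: true };
for (const h of ["key=value", "key=value; SameSite=None; Secure", "key=value; SameSite=None"]) {
  console.log(h, "->", JSON.stringify(evaluateCookie(h, bothOn)));
}
```

With only noneRequiresSecure set, "key=value; SameSite=None" is still accepted, which is the pref dependency the message notes.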


The Firefox Profiler switched to a new server!

2020-06-02 Thread Julien Wajsberg

Hey!

On Monday last week, we switched the profiler to a new backend server. 
This backend server now handles both profile publishing and link shortening!


This is a rewrite from the previous python-based server hosted on App 
Engine to a nodejs-based server hosted on GCP and managed by our 
wonderful cloudops team. The old server served us well but the profiler 
team didn't own it enough. The new server provides a good foundation to 
bring more features in the future (for example: profile deletion, 
profile expiration).



Note that the frontend using only static files is still served by 
netlify, with no plan to change in the short term.



The most visible change is our switching from  to 
 for short urls. Another less visible change is that 
we bumped up the uploading limit to 50MB (it was hardcoded to 32MB with 
the old server).


If you see other problems, especially when uploading profiles, please 
come talk to us in matrix (channel "Firefox Profiler") or reply to this 
mail :-)


Thanks!
--
Julien



[desktop] Bugs logged by Desktop Release QA in the last 8 days

2020-06-02 Thread camelia badau
Hello,

Here's the list of new issues found and filed by the Desktop Release QA
team in the last 8 days.
Additional details on the team's priorities last week, as well as the plans
for the current week are available at: https://tinyurl.com/y9jss354.
Bugs logged by Desktop Release QA in the last 8 days:

Firefox: Address Bar
* NEW - https://bugzil.la/1641787 - ESR - Menus from address bar are not
closed when opening address bar

Firefox: Installer
* NEW - https://bugzil.la/1641798 - Firefox is already running error is
displayed when installing a Stub Installer or an older version of Firefox

Firefox: Preferences
* RESOLVED FIXED - https://bugzil.la/1640913 - [mac] Clear All History
warning message is unreadable in the preferences while dark mode is set on
macOS

Firefox: File Handling
* RESOLVED FIXED - https://bugzil.la/1640589 - Open with Nightly option is
not responding once a pdf was opened before with a third party

Firefox: Theme
* NEW - https://bugzil.la/1641815 - [macOS][dark theme] - correct styling
for New Folder button when adding Bookmarks
* NEW - https://bugzil.la/1641822 - [macOS] - Library elements not fully
styled on dark theme

Firefox: Remote Settings Client
* NEW - https://bugzil.la/1641939 - Signature failed when updating whilst
application is running

Core: Plug-ins
* NEW - https://bugzil.la/1641524 - [esr 68] Farmville on Facebook white
background while scrolling

Core: Privacy: Anti-Tracking
* ASSIGNED - https://bugzil.la/1641521 - ETP Standard breaks embedded
Twitter videos (e.g., on The Verge and NYT)

Core: Widget
* NEW - https://bugzil.la/1641810 - Can’t login to Office 365 from certain
Ubuntu machines

DevTools: Netmonitor
* NEW - https://bugzil.la/1640821 - Netmonitor - Throttling and Network
Settings should have the same styling for dropdown menus

DevTools: Inspector: Compatibility
* NEW - https://bugzil.la/1640809 - Implement automatic updates for MDN
compat data - tooltips

External Software Affecting Firefox: Other
* NEW - https://bugzil.la/1641483 - Microsoft Forms page is seen as
URL:Phising by Avast Antivirus

Mozilla: Private Relay
* OPEN - #353  -
[Website] The contrast for the keyboard navigation is not strong enough
* CLOSED - #354  -
[Addon]While creating an account in Private Window, an error is displayed


This is available as a Bugzilla bug list as well:
https://tinyurl.com/y8zvu3t9 .

Regards,

Camelia Badau