> Link to the proposal:
> https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> 
> Summary:
>   "1.  Treat the lack of an explicit "SameSite" attribute as
>        "SameSite=Lax".  That is, the "Set-Cookie" value "key=value" will
>        produce a cookie equivalent to "key=value; SameSite=Lax".
>        Cookies that require cross-site delivery can explicitly opt-into
>        such behavior by asserting "SameSite=None" when creating a
>        cookie.
>    2.  Require the "Secure" attribute to be set for any cookie which
>        asserts "SameSite=None" (similar conceptually to the behavior for
>        the "__Secure-" prefix).  That is, the "Set-Cookie" value
>        "key=value; SameSite=None; Secure" will be accepted, while
>        "key=value; SameSite=None" will be rejected."
> 
> Bug: https://google.co.in/show_bug.cgi?id=1551798
> 
> Platform coverage: all
> 
> Estimated or target release: 69 - behind pref
> 
> Preferences behind which this will be implemented:
>  - network.cookie.sameSite.laxByDefault
>  - network.cookie.sameSite.noneRequiresSecure (this requires the previous
> one to be set to true)
> 
> Is this feature enabled by default in sandboxed iframes? yes.
> 
> Do other browser engines implement this?
>  - Chrome is implementing/experimenting this feature:
> https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
>  - Safari: no signal yet.
> 
> web-platform-tests: There is a pull-request
> https://github.com/web-platform-tests/wpt/pull/16957
> Implementing this feature, I added a mochitest to inspect cookies via
> CookieManager.
> 
> Is this feature restricted to secure contexts? no

implement the post reply option 
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to