Chromium has had the idea to treat all cookies as SameSite=Lax by default as well as blocking SameSite=None over HTTP for a while now, hidden behind a flag, and seem to be rolling this out soon.
The topic is discussed in detail here: https://web.dev/samesite-cookies-explained/#changes-to-the-default-behavior-without-samesite I just wondered if other developers had any thoughts on this move and if/when WebKit should follow. The downside is of course compatibility but the upside is improved privacy. _______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org https://lists.webkit.org/mailman/listinfo/webkit-dev
