Current WebKit trunk blocks all third party cookies (with ITP enabled), which is a more extreme version of the same thing. We’re currently testing the compatibility fallout.
Treating cookies as SameSite=Lax by default is moot when third-party cookies are blocked, as the SameSite=None behavior would not be permitted at all. Chromium has been just about to roll out their change for a while now, but my understanding is that it’s still only applied to a low percentage of users. Regards, Maciej > On Mar 6, 2020, at 1:07 PM, Patrick Griffis <pgrif...@igalia.com> wrote: > > Chromium has had the idea to treat all cookies as SameSite=Lax by > default as well as blocking SameSite=None over HTTP for a while now, > hidden behind a flag, and seem to be rolling this out soon. > > The topic is discussed in detail here: > https://web.dev/samesite-cookies-explained/#changes-to-the-default-behavior-without-samesite > > I just wondered if other developers had any thoughts on this move and > if/when WebKit should follow. The downside is of course compatibility > but the upside is improved privacy. > _______________________________________________ > webkit-dev mailing list > firstname.lastname@example.org > https://lists.webkit.org/mailman/listinfo/webkit-dev _______________________________________________ webkit-dev mailing list email@example.com https://lists.webkit.org/mailman/listinfo/webkit-dev