Current WebKit trunk blocks all third party cookies (with ITP enabled), which 
is a more extreme version of the same thing. We’re currently testing the 
compatibility fallout.

Treating cookies as SameSite=Lax by default is moot when third-party cookies 
are blocked, as the SameSite=None behavior would not be permitted at all.

Chromium has been just about to roll out their change for a while now, but my 
understanding is that it’s still only applied to a low percentage of users.


> On Mar 6, 2020, at 1:07 PM, Patrick Griffis <> wrote:
> Chromium has had the idea to treat all cookies as SameSite=Lax by
> default as well as blocking SameSite=None over HTTP for a while now,
> hidden behind a flag, and seem to be rolling this out soon.
> The topic is discussed in detail here:
> I just wondered if other developers had any thoughts on this move and
> if/when WebKit should follow. The downside is of course compatibility
> but the upside is improved privacy.
> _______________________________________________
> webkit-dev mailing list

webkit-dev mailing list

Reply via email to