We intend to ship same-site cookies in Firefox 61. This new cookie attribute allows sites to prevent cross-site requests from using those cookies, which provides a mechanism for web sites to protect themselves against Cross-Site Request Forgery (CSRF) attacks.

Specification (cookies): https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02
Tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=795346
Platform coverage: all
Gating preference: network.cookie.same-site.enabled
Devtools support: https://bugzilla.mozilla.org/show_bug.cgi?id=1452715
Developer documentation: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives
Web Platform Tests: http://rfc6265.biz/tests/ (until https://github.com/w3c/web-platform-tests/issues/8581 is fixed)
Secure contexts: not restricted to secure contexts since cookies are already available in non-secure contexts

Other browsers:
- Chrome shipped this feature in 51.
- Safari: https://bugs.webkit.org/show_bug.cgi?id=159464
- Edge: https://github.com/MicrosoftEdge/Status/issues/201

Francois and Christoph
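
The send decision that the attribute introduces, written out as an added example (not part of the original post and not Firefox code). It assumes sites are already given as registrable domains, and the request fields `targetSite`, `initiatorSite` and `topLevelNavigation` are hypothetical names chosen for this sketch.

```javascript
// Added sketch of the SameSite send decision (not Firefox code).
// Assumption: sites are passed in as registrable domains (eTLD+1); a browser
// derives them from the Public Suffix List and the document's "site for cookies".

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract the SameSite mode from a Set-Cookie header value.
// Returns "strict", "lax", or null when the attribute is absent.
// Choice made for this sketch: an unrecognized value is treated as absent.
function parseSameSite(setCookie) {
  let mode = null;
  for (const av of setCookie.split(";").slice(1)) {
    const eq = av.indexOf("=");
    const name = (eq === -1 ? av : av.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? "" : av.slice(eq + 1).trim().toLowerCase();
    if (name === "samesite" && (value === "strict" || value === "lax")) {
      mode = value;
    }
  }
  return mode;
}

// Decide whether the cookie accompanies a request.
// req = { targetSite, initiatorSite, method, topLevelNavigation }
function cookieIsSent(setCookie, req) {
  const mode = parseSameSite(setCookie);
  if (mode === null) return true;                        // no attribute: sent as before
  if (req.initiatorSite === req.targetSite) return true; // same-site request
  if (mode === "lax") {
    // Cross-site: only top-level navigations with a safe method.
    return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
  }
  return false;                                          // strict, cross-site
}

// Constructed requests aimed at bank.example.
const crossSitePost = { targetSite: "bank.example", initiatorSite: "other.example",
                        method: "POST", topLevelNavigation: true };
const crossSiteLink = { ...crossSitePost, method: "GET" };
const crossSiteImage = { ...crossSiteLink, topLevelNavigation: false };
const sameSitePost = { ...crossSitePost, initiatorSite: "bank.example" };

for (const cookie of ["sid=1", "sid=1; SameSite=Lax", "sid=1; Secure; SameSite=Strict"]) {
  console.log(cookie, [crossSitePost, crossSiteLink, crossSiteImage, sameSitePost]
    .map((r) => cookieIsSent(cookie, r)));
}
```

The cross-site POST, the classic CSRF shape, carries the cookie only when the attribute is absent; `Lax` still allows the cross-site top-level GET so that inbound links keep the user signed in.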