On Sunday, August 2, 2020 at 3:07:44 PM UTC-5, lescanom...@gmail.com wrote:
> On Thursday, May 23, 2019, 5:34:14 (UTC-3), Andrea Marchesini wrote:
> > Link to the proposal: 
> > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00 
> > 
> > Summary: 
> > "1. Treat the lack of an explicit "SameSite" attribute as 
> > "SameSite=Lax". That is, the "Set-Cookie" value "key=value" will 
> > produce a cookie equivalent to "key=value; SameSite=Lax". 
> > Cookies that require cross-site delivery can explicitly opt-into 
> > such behavior by asserting "SameSite=None" when creating a 
> > cookie. 
> > 2. Require the "Secure" attribute to be set for any cookie which 
> > asserts "SameSite=None" (similar conceptually to the behavior for 
> > the "__Secure-" prefix). That is, the "Set-Cookie" value 
> > "key=value; SameSite=None; Secure" will be accepted, while 
> > "key=value; SameSite=None" will be rejected." 
> > 
> > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798 
> > 
> > Platform coverage: all 
> > 
> > Estimated or target release: 69 - behind pref 
> > 
> > Preferences behind which this will be implemented: 
> > - network.cookie.sameSite.laxByDefault 
> > - network.cookie.sameSite.noneRequiresSecure (this requires the previous 
> > one to be set to true) 
> > 
> > Is this feature enabled by default in sandboxed iframes? yes. 
> > 
> > Do other browser engines implement this? 
> > - Chrome is implementing/experimenting with this feature: 
> > https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
> >  
> > - Safari: no signal yet. 
> > 
> > web-platform-tests: There is a pull-request 
> > https://github.com/web-platform-tests/wpt/pull/16957 
> > Implementing this feature, I added a mochitest to inspect cookies via 
> > CookieManager. 
> > 
> > Is this feature restricted to secure contexts? no
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
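
The two rules in the quoted summary, and the dependency between the two preferences, modelled as an added JavaScript example (not Firefox code and not part of the original post). The function name `evaluateSetCookie`, the shape of the returned object, and the handling of unrecognised SameSite values are assumptions.

```javascript
// Added example: models the two rules from the quoted draft summary.
// evaluateSetCookie and its return shape are hypothetical; the pref names
// and their dependency come from the post.
function evaluateSetCookie(header, prefs = { laxByDefault: true, noneRequiresSecure: true }) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return { accepted: false, reason: "malformed name=value pair" };

  let sameSite = null; // null: no explicit SameSite attribute seen
  let secure = false;
  for (const attr of attrs) {
    const [rawName, rawValue = ""] = attr.split("=");
    const name = rawName.trim().toLowerCase();
    const value = rawValue.trim().toLowerCase();
    if (name === "secure") secure = true;
    // Assumption: an unrecognised value is handled as if the attribute were absent.
    if (name === "samesite" && ["strict", "lax", "none"].includes(value)) sameSite = value;
  }

  // Rule 1: with laxByDefault on, a missing attribute behaves like SameSite=Lax.
  // With it off, the cookie keeps the older behaviour (sent cross-site, like None).
  const explicit = sameSite !== null;
  if (!explicit) sameSite = prefs.laxByDefault ? "lax" : "none";

  // Rule 2: an explicit SameSite=None without Secure is rejected. Per the post,
  // noneRequiresSecure only takes effect when laxByDefault is also true.
  const enforceSecure = prefs.laxByDefault && prefs.noneRequiresSecure;
  if (explicit && sameSite === "none" && !secure && enforceSecure) {
    return { accepted: false, reason: "SameSite=None requires Secure" };
  }
  return { accepted: true, name: pair.slice(0, eq), sameSite, secure, explicit };
}

// Constructed sample headers: the three from the summary plus one more.
const samples = [
  "key=value",
  "key=value; SameSite=None; Secure",
  "key=value; SameSite=None",
  "session=abc123; Secure; SameSite=Strict",
];
for (const h of samples) console.log(h, "=>", JSON.stringify(evaluateSetCookie(h)));
```

Running a site's existing Set-Cookie headers through a check like this shows which cookies would silently become Lax and which would be dropped once both preferences are enabled.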
