Re: Intent to implement and ship: same-site cookies

2018-04-20 Thread Francois Marier
On 09/04/18 07:25 PM, Francois Marier wrote: > We intend to ship same-site cookies in Firefox 61. This has now been uplifted and will be shipping in Firefox 60. Status can be tracked on https://wiki.mozilla.org/Security/SameSiteCookies. Francois ___ de

Re: Intent to implement and ship: same-site cookies

2018-04-10 Thread Daniel Veditz
On Mon, Apr 9, 2018 at 11:56 PM, Anne van Kesteren wrote: > We keep > ​ ​ > trying to find ways to limit cookies transmitted over HTTP (and > limiting HTTP in general). Offering better cookies over HTTPS seems > like a good incentive for sites to migrate. > To me "better cookies" means the __Sec

Re: Intent to implement and ship: same-site cookies

2018-04-10 Thread Jan Odvarko
On Tue, Apr 10, 2018 at 4:25 AM, Francois Marier wrote: > We intend to ship same-site cookies in Firefox 61. This new cookie > attribute allows sites to prevent cross-site requests from using those > cookies which provides a mechanism for web sites to protect themselves > against Cross-Site Reque

Re: Intent to implement and ship: same-site cookies

2018-04-09 Thread Anne van Kesteren
On Tue, Apr 10, 2018 at 4:25 AM, Francois Marier wrote: > Secure contexts: not restricted to secure contexts since cookies are > already available in non-secure contexts I'm not entirely convinced that is a good enough reason. We keep trying to find ways to limit cookies transmitted over HTTP (an

Re: Intent to implement and ship: same-site cookies

2018-04-09 Thread Jan Odvarko
On Tue, Apr 10, 2018 at 4:25 AM, Francois Marier wrote: > We intend to ship same-site cookies in Firefox 61. This new cookie > attribute allows sites to prevent cross-site requests from using those > cookies which provides a mechanism for web sites to protect themselves > against Cross-Site Reque

Re: Intent to implement and ship: same-site cookies

2018-04-09 Thread Mike West via dev-platform
Yay! This is exciting, thank you! On Tue, Apr 10, 2018 at 4:30 AM Francois Marier wrote: > We intend to ship same-site cookies in Firefox 61. This new cookie > attribute allows sites to prevent cross-site requests from using those > cookies which provides a mechanism for web sites to protect the

Intent to implement and ship: same-site cookies

2018-04-09 Thread Francois Marier
We intend to ship same-site cookies in Firefox 61. This new cookie attribute allows sites to prevent cross-site requests from using those cookies which provides a mechanism for web sites to protect themselves against Cross-Site Request Forgery (CSRF) attacks. Specification (cookies): https://tools