Yay! This is exciting, thank you!

On Tue, Apr 10, 2018 at 4:30 AM Francois Marier <franc...@mozilla.com> wrote:
> We intend to ship same-site cookies in Firefox 61. This new cookie
> attribute allows sites to prevent cross-site requests from using those
> cookies which provides a mechanism for web sites to protect themselves
> against Cross-Site Request Forgery (CSRF) attacks.
>
> Specification (cookies):
> https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02
>
> Tracking bug: https://bugzilla.mozilla.org/show_bug.cgi?id=795346
>
> Platform coverage: all
>
> Gating preference: network.cookie.same-site.enabled
>
> Devtools support: https://bugzilla.mozilla.org/show_bug.cgi?id=1452715
>
> Developer documentation:
>
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#Directives
>
> Web Platform Tests: http://rfc6265.biz/tests/ (until
> https://github.com/w3c/web-platform-tests/issues/8581 is fixed)
>

https://github.com/w3c/web-platform-tests/issues/2669 is actually the issue blocking `SameSite`. The issue you've referenced is blocking our port of some of the tests in https://github.com/abarth/http-state/, but not `SameSite`. There's an open PR (https://github.com/w3c/web-platform-tests/pull/10166) that I hope will land somewhat soon. Once it lands, I'd appreciate y'all's help porting the tests from https://github.com/mikewest/rfc6265-biz. I hope it'll be reasonably straightforward.

> Secure contexts: not restricted to secure contexts since cookies are
> already available in non-secure contexts
>

FWIW, I justified this to myself when Chrome shipped it by noting that this would lead to a net reduction of the number of cookies flowing over HTTP. I still think that's a reasonable stance.

> Other browsers:
> - Chrome shipped this feature in 51.
> - Safari: https://bugs.webkit.org/show_bug.cgi?id=159464
> - Edge: https://github.com/MicrosoftEdge/Status/issues/201
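
The behaviour the announcement describes, as an added example that is not part of the original thread and is not Firefox's or Chrome's code: a simplified Python model of when a browser attaches a cookie under the `Strict` and `Lax` modes of the referenced draft. The `Request` type, the site names, the sample cookies and the use of pre-computed registrable domains for the same-site comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}

def samesite_of(set_cookie: str) -> Optional[str]:
    """Return 'strict', 'lax', or None (attribute absent) for a Set-Cookie value."""
    for attr in set_cookie.split(";")[1:]:  # skip the leading name=value pair
        name, _, value = attr.strip().partition("=")
        if name.lower() == "samesite":
            mode = value.strip().lower()
            if mode not in ("strict", "lax"):
                raise ValueError(f"value outside this model: {value!r}")
            return mode
    return None

@dataclass
class Request:
    # Assumption: both sites are already reduced to registrable domains.
    initiator_site: str
    target_site: str
    method: str = "GET"
    top_level_navigation: bool = False  # link click or form submit, not a subresource

def cookie_attached(set_cookie: str, req: Request) -> bool:
    mode = samesite_of(set_cookie)
    if mode is None or req.initiator_site == req.target_site:
        return True  # no attribute, or a same-site request
    if mode == "lax":
        return req.top_level_navigation and req.method.upper() in SAFE_METHODS
    return False  # strict: withheld from every cross-site request

# Constructed sample cookies and requests (not from the thread).
COOKIES = {
    "legacy": "sid=abc123; Path=/; HttpOnly",
    "lax": "sid=abc123; Path=/; HttpOnly; SameSite=Lax",
    "strict": "sid=abc123; Path=/; HttpOnly; SameSite=Strict",
}
REQUESTS = {
    "cross-site form POST": Request("other.example", "shop.example", "POST", True),
    "cross-site <img> GET": Request("other.example", "shop.example", "GET", False),
    "cross-site link click": Request("other.example", "shop.example", "GET", True),
    "same-site form POST": Request("shop.example", "shop.example", "POST", True),
}

def decision_table() -> dict:
    return {(r, c): cookie_attached(v, req)
            for r, req in REQUESTS.items() for c, v in COOKIES.items()}

if __name__ == "__main__":
    for (r, c), sent in decision_table().items():
        print(f"{r:24} {c:7} cookie sent: {sent}")
```

The cross-site form POST row is the CSRF case: the cookie without the attribute travels with the request, while both `SameSite` variants withhold it.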