El jueves, 23 de mayo de 2019, 4:34:14 (UTC-4), Andrea Marchesini escribió: > Link to the proposal: > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00 > > Summary: > "1. Treat the lack of an explicit "SameSite" attribute as > "SameSite=Lax". That is, the "Set-Cookie" value "key=value" will > produce a cookie equivalent to "key=value; SameSite=Lax". > Cookies that require cross-site delivery can explicitly opt-into > such behavior by asserting "SameSite=None" when creating a > cookie. > 2. Require the "Secure" attribute to be set for any cookie which > asserts "SameSite=None" (similar conceptually to the behavior for > the "__Secure-" prefix). That is, the "Set-Cookie" value > "key=value; SameSite=None; Secure" will be accepted, while > "key=value; SameSite=None" will be rejected." > > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798 > > Platform coverage: all > > Estimated or target release: 69 - behind pref > > Preferences behind which this will be implemented: > - network.cookie.sameSite.laxByDefault > - network.cookie.sameSite.noneRequiresSecure (this requires the previous > one to be set to true) > > Is this feature enabled by default in sandboxed iframes? yes. > > Do other browser engines implement this? > - Chrome is implementing/experimenting this feature: > https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html > - Safari: no signal yet. > > web-platform-tests: There is a pull-request > https://github.com/web-platform-tests/wpt/pull/16957 > Implementing this feature, I added a mochitest to inspect cookies via > CookieManager. > > Is this feature restricted to secure contexts? no
<001M >HTML. Is save Thanks _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
