On Wednesday, November 6, 2019 at 1:54:23 PM UTC-5, kahelim...@gmail.com wrote:
> בתאריך יום חמישי, 23 במאי 2019 בשעה 11:34:14 UTC+3, מאת Andrea Marchesini:
> > Link to the proposal:
> > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> > 
> > Summary:
> >   "1.  Treat the lack of an explicit "SameSite" attribute as
> >        "SameSite=Lax".  That is, the "Set-Cookie" value "key=value" will
> >        produce a cookie equivalent to "key=value; SameSite=Lax".
> >        Cookies that require cross-site delivery can explicitly opt-into
> >        such behavior by asserting "SameSite=None" when creating a
> >        cookie.
> >    2.  Require the "Secure" attribute to be set for any cookie which
> >        asserts "SameSite=None" (similar conceptually to the behavior for
> >        the "__Secure-" prefix).  That is, the "Set-Cookie" value
> >        "key=value; SameSite=None; Secure" will be accepted, while
> >        "key=value; SameSite=None" will be rejected."
> > 
> > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798
> > 
> > Platform coverage: all
> > 
> > Estimated or target release: 69 - behind pref
> > 
> > Preferences behind which this will be implemented:
> >  - network.cookie.sameSite.laxByDefault
> >  - network.cookie.sameSite.noneRequiresSecure (this requires the previous
> > one to be set to true)
> > 
> > Is this feature enabled by default in sandboxed iframes? yes.
> > 
> > Do other browser engines implement this?
> >  - Chrome is implementing/experimenting this feature:
> > https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
> >  - Safari: no signal yet.
> > 
> > web-platform-tests: There is a pull-request
> > https://github.com/web-platform-tests/wpt/pull/16957
> > Implementing this feature, I added a mochitest to inspect cookies via
> > CookieManager.
> > 
> > Is this feature restricted to secure contexts? no

lncihsd'ljsbd'chdencihdyrfcb ed;skf
edfihcedugeudhbyecjnsxn xeusoqewidfbcubdhbwydcoefcydowebcydorbccccccqui;urwesd
efyigewilfbc v
pendejos jajajajajaja
dev-platform mailing list

Reply via email to