Re: Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure

Fri, 17 Apr 2020 06:25:22 -0700 

On Monday, April 13, 2020 at 12:40:43 PM UTC-4, maksga...@gmail.com wrote:
> четверг, 23 мая 2019 г., 11:34:14 UTC+3 пользователь Andrea Marchesini 
> написал:
> > Link to the proposal:
> > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> > 
> > Summary:
> >   "1.  Treat the lack of an explicit "SameSite" attribute as
> >        "SameSite=Lax".  That is, the "Set-Cookie" value "key=value" will
> >        produce a cookie equivalent to "key=value; SameSite=Lax".
> >        Cookies that require cross-site delivery can explicitly opt-into
> >        such behavior by asserting "SameSite=None" when creating a
> >        cookie.
> >    2.  Require the "Secure" attribute to be set for any cookie which
> >        asserts "SameSite=None" (similar conceptually to the behavior for
> >        the "__Secure-" prefix).  That is, the "Set-Cookie" value
> >        "key=value; SameSite=None; Secure" will be accepted, while
> >        "key=value; SameSite=None" will be rejected."
> > 
> > Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798
> > 
> > Platform coverage: all
> > 
> > Estimated or target release: 69 - behind pref
> > 
> > Preferences behind which this will be implemented:
> >  - network.cookie.sameSite.laxByDefault
> >  - network.cookie.sameSite.noneRequiresSecure (this requires the previous
> > one to be set to true)
> > 
> > Is this feature enabled by default in sandboxed iframes? yes.
> > 
> > Do other browser engines implement this?
> >  - Chrome is implementing/experimenting this feature:
> > https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
> >  - Safari: no signal yet.
> > 
> > web-platform-tests: There is a pull-request
> > https://github.com/web-platform-tests/wpt/pull/16957
> > Implementing this feature, I added a mochitest to inspect cookies via
> > CookieManager.
> > 
> > Is this feature restricted to secure contexts? no

are you guys here to help me my girl friend is using my indentity and have 
acces to all my thinks i am not good at this
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to