Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Spec says we send SameSite=Strict cookies #609

Open
cbiesinger opened this issue May 30, 2024 · 0 comments
Open

Spec says we send SameSite=Strict cookies #609

cbiesinger opened this issue May 30, 2024 · 0 comments

Comments

@cbiesinger
Copy link
Collaborator

The last paragraph of https://fedidcg.github.io/FedCM/#browser-api says:

For fetches that are sent with cookies, unpartitioned cookies are included, as if the resource was loaded as a same-origin request, e.g. regardless of the SameSite value (which is used when a resource loaded as a third-party, not first-party).

This no longer matches the CG consensus or the implementation; we only allow SameSite=None cookies. (#587 might change it to also allow Lax, but either way, the spec is incorrect)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

3 participants