Bug 257845
| Summary: | SameSite=None cookies are rejected unless the Secure attribute is set. Differences with other browsers | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Karl Dubost <karlcow> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | achristensen, cbilling, webkit-bug-importer, wilander, youennf |
| Priority: | P2 | Keywords: | BrowserCompat, InRadar, WPTImpact |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | https://samesite-sandbox.glitch.me | ||
| See Also: | https://bugs.webkit.org/show_bug.cgi?id=255524 | ||
Karl Dubost
Steps to reproduce:
1. Go to https://samesite-sandbox.glitch.me
See differences in between Safari, Firefox Nightly and Chrome Canary
2. Go to https://samesitetest.com/
See differences in between Safari, Firefox Nightly and Chrome Canary
It would be good to figure out the differences and how it impacts web compatibility.
Maybe that would explain some of the issues detected in the comments of Bug 255524
But this one seems to be an obvious one.
https://wpt.fyi/results/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html?label=master&label=experimental&aligned&q=samesite
Also
https://wpt.fyi/results/cookies/samesite?label=master&label=experimental&aligned&q=samesite
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/110442616>