Bug 265634
Summary: | Samesite=Lax is not always working in Safari | ||
---|---|---|---|
Product: | WebKit | Reporter: | Karl Dubost <karlcow> |
Component: | WebKit2 | Assignee: | youenn fablet <youennf> |
Status: | RESOLVED FIXED | ||
Severity: | Normal | CC: | adrian.kuehni, cbilling, cchambers, info, kkinnunen, m.kurz+webkitbugs, webkit-bug-importer |
Priority: | P2 | Keywords: | BrowserCompat, InRadar |
Version: | Safari 17 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
URL: | https://github.com/edimoldovan/safari-cookies-test | ||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=255524, https://bugs.webkit.org/show_bug.cgi?id=218002, https://bugs.webkit.org/show_bug.cgi?id=201646 | ||
Karl Dubost
In Bug 255524, there is a long thread of discussions around the fact that some users have issues with cookies not working.
Most of the time, developers have been able to solve it by setting SameSite=None instead of SameSite=Lax. This is not an acceptable solution, security-wise.
ed created a demo for reproducing the issue. See Bug 255524 Comment #75.
https://github.com/edimoldovan/safari-cookies-test
Additional Notes:
- localhost with no proxy running
- someone says that this is happening with iframes.
WebKit opened this bug to continue the investigation and possibly try to identify the culprit.
Todo:
* Trying to get to a point where we can reliably reproduce the bug.
Radar WebKit Bug Importer
<rdar://problem/119362503>
youenn fablet
Pull request: https://github.com/WebKit/WebKit/pull/21801
youenn fablet
<rdar://117905897>
EWS
Committed 272062@main (3096c561acce): <https://commits.webkit.org/272062@main>
Reviewed commits have been landed. Closing PR #21801 and removing active labels.
Peter
Do you plan to backport this to 16.x?