Some Cookie SameSite defaults changed to None #348
SameSite is an option for cookies that can help mitigate some XSS attacks. Each component that emits cookies needs to decide if SameSite is appropriate for its scenarios. When this option was initially introduced, inconsistent defaults were used across various AspNetCore APIs, which has led to confusing results. In 3.0.0-preview4 we've better aligned these defaults and made the feature opt-in on a per-component basis.
Note all AspNetCore components that emit cookies override these defaults with settings appropriate for their scenarios and these values have not changed:
See aspnet/AspNetCore#8212 for discussion
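With the defaults now `None` and the feature opt-in, an application that relies on SameSite has to set it explicitly. The following is an added example, not part of the announcement or the AspNetCore code base; it assumes an ASP.NET Core 3.0 app, and the `prefs` cookie and its value are hypothetical.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // App-wide floor: the cookie policy middleware raises any cookie
        // appended with a weaker SameSite value (including None) to Lax.
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.MinimumSameSitePolicy = SameSiteMode.Lax;
            options.Secure = CookieSecurePolicy.Always;
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before any middleware that writes cookies,
        // otherwise the policy above is never applied to them.
        app.UseCookiePolicy();

        app.Run(async context =>
        {
            // Per-cookie opt-in: state SameSite explicitly instead of
            // relying on the CookieOptions default.
            context.Response.Cookies.Append("prefs", "dark", new CookieOptions
            {
                SameSite = SameSiteMode.Strict, // hypothetical cookie: first-party only
                Secure = true,
                HttpOnly = true,
                Path = "/"
            });

            await context.Response.WriteAsync("cookie set");
        });
    }
}
```

Inspect the resulting `Set-Cookie` header in the browser's developer tools to confirm the attribute is actually emitted for each cookie the app depends on.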