Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Breaking change] Support SameSite in Cookies. #51486

Closed
sun-jiao opened this issue Feb 22, 2023 · 12 comments
Closed

[Breaking change] Support SameSite in Cookies. #51486

sun-jiao opened this issue Feb 22, 2023 · 12 comments
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. breaking-change-approved breaking-change-request This tracks requests for feedback on breaking changes library-_http type-enhancement A request for a change that isn't a bug

Comments

@sun-jiao
Copy link
Contributor

Related pull request:
github
googlesource

  1. The intended change in behavior: Add enum type SameSite (link) and public filed sameSite in abstract class Cookie (link) and its default implementation _Cookie (link).
  2. The justification/rationale for making the change: This artribute is important for CORS requests, for example, accessing dart backend in Flutter Web. Bacause they runs on different port, browsers don't allow Flutter Web to use cookies of dart backend.
  3. The expected impact of this change: all classes implement Cookie must override the filed sameSite.
  4. Clear steps for mitigating the change: We can release this change in the beta and dev channels first, so developers can make changes in advance. By the time these changes appeared in the stable channel, developers will have overridden sameSite in their implementation, so their projects will not break.
@lrhn lrhn added area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. type-enhancement A request for a change that isn't a bug library-_http labels Feb 22, 2023
@a-siva
Copy link
Contributor

a-siva commented Feb 22, 2023

/cc @brianquinlan

@brianquinlan brianquinlan added the breaking-change-request This tracks requests for feedback on breaking changes label Feb 23, 2023
@natebosch
Copy link
Member

3. all classes implement Cookie must override the filed sameSite.

@brianquinlan - do we have an estimate of internal and external usage of this pattern?

@brianquinlan
Copy link
Contributor

brianquinlan commented Mar 16, 2023
edited

@natebosch

Known places that implement Cookie

  • The archived project http_io
  • One place in Google Ads where Cookie is implemented as part of a fake

@itsjustkevin
Copy link
Contributor

@vsmenon @grouma @Hixie breaking change request!

@brianquinlan and @sun-jiao thank you for bringing this to my attention.

@grouma
Copy link
Member

grouma commented Mar 20, 2023

One place in Google Ads where Cookie is implemented as part of a fake

I'm seeing a couple more locations, including some outside Ads. Overall it is < 10 and they all seem to be testing related. Should be a fairly straightforward change.

@mit-mit
Copy link
Member

mit-mit commented Apr 18, 2023

This breaking change SGTM. @vsmenon @grouma @Hixie can you approve too?

@mit-mit mit-mit mentioned this issue Apr 18, 2023
Closed
@Hixie
Copy link
Contributor

Hixie commented Apr 18, 2023

fine by me

@grouma
Copy link
Member

grouma commented Apr 18, 2023

SGTM.

@mit-mit
Copy link
Member

mit-mit commented Apr 20, 2023

@itsjustkevin can we consider this approved?

sun-jiao added a commit to sun-jiao/dart-lang-sdk that referenced this issue Apr 20, 2023
@sun-jiao
add dart-lang#51486 to changelog
7e21091
@itsjustkevin
Copy link
Contributor

Calling this approved, @vsmenon please chime in if you disagree.

@sun-jiao
Copy link
Contributor Author

sun-jiao commented May 3, 2023

Merged.

@sun-jiao sun-jiao closed this as completed May 3, 2023
@shilangyu
Copy link
Contributor

Any reason why SameSite is a class instead of an enum?

@abitofevrything abitofevrything mentioned this issue May 15, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. breaking-change-approved breaking-change-request This tracks requests for feedback on breaking changes library-_http type-enhancement A request for a change that isn't a bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@Hixie @grouma @lrhn @natebosch @a-siva @brianquinlan @itsjustkevin @mit-mit @sun-jiao @shilangyu