Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Update content of Web/HTTP/Cookies #504
Since the existing Web/HTTP/Cookies documentation is missing information,
The quote is from https://bugzilla.mozilla.org/show_bug.cgi?id=1351663#c23 and specifically concerns this section: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#SameSite_cookies
When you have improved this MDN section, could you add a link to that section at https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/API/cookies/SameSiteStatus ? Thanks!
That's looking great, thanks!
I have a few more suggestions:
"SameSite cookies are still experimental and not yet supported by all browsers.". The support is actually looking quite good: https://caniuse.com/same-site-cookie-attribute
Could you add an example of setting a SameSite cookie, and state that the default behavior (i.e. if the flag is not set of not supported by the browser) is to include the cookies in any request, including cross-origin requests.
Here is an example:
Lastly, on the same page, there is also a section on CSRF: https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Cross-site_request_forgery_(CSRF)
I suggest to add a bullet point referring to the SameSite section.
The following note has still not been changed:
Support by recent versions of browsers is however looking good: https://caniuse.com/#feat=same-site-cookie-attribute
I found that there is another article that has the compatibility table (and a two-sentence section on SameSite): https://developer.mozilla.org/en-US/docs/Web/HTTP/headers/Set-Cookie
The compat section seems to be out of date (compared to the caniuse information) though.