You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Draft 7 is a little confusing now. It allows SameSite with no attribute value in 3.1 and says that cookies with an invalid SameSite value should be treated as Strict in 3.2, yet 4.1 makes it clear that User Agents must ignore cookies with a SameSite attribute whose value is not Strict or Lax.
@jeremy's comment in rack/rack#1051:
The text in 4.1 is correct, and I should audit the rest of the doc to make sure the change is clear.
The text was updated successfully, but these errors were encountered: