We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Describe the bug The #1810 incorrectly implements https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients
Notice Set-cookie: 3pcookie-legacy=value; Secure the cookie does not have the SameSite attribute present. The http.SameSiteDefaultMode used in hydra implementation results in attribute without the value, see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221
Set-cookie: 3pcookie-legacy=value; Secure
SameSite
http.SameSiteDefaultMode
That triggers the problems with the older iOS and macOS versions, as Apple did not follow the https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1 see https://trac.webkit.org/browser/webkit/trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js?rev=239226#L118
Expected behavior The legacy cookie should not have the SameSite attribute sent at all.
Environment iOS12 Safari web browser
Additional context #1810 #1753
The text was updated successfully, but these errors were encountered:
fix: same site legacy workaround on iOS 12 (#1908)
128ad98
Enables legacy compatibility on iOS version < 13 and macOS version < 10.15 #1810 incorrectly implements https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients Notice Set-cookie: 3pcookie-legacy=value; Secure the cookie does not have the SameSite attribute present. The http.SameSiteDefaultMode used in hydra implementation results in attribute without the value, see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221 That triggers the problems with the older iOS and macOS versions, as Apple did not follow the https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1 see https://trac.webkit.org/browser/webkit/trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js?rev=239226#L118 Closes: #1907
Successfully merging a pull request may close this issue.
Describe the bug
The #1810 incorrectly implements https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients
Notice
Set-cookie: 3pcookie-legacy=value; Secure
the cookie does not have theSameSite
attribute present. Thehttp.SameSiteDefaultMode
used in hydra implementation results in attribute without the value, see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221That triggers the problems with the older iOS and macOS versions, as Apple did not follow the https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1 see https://trac.webkit.org/browser/webkit/trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js?rev=239226#L118
Expected behavior
The legacy cookie should not have the
SameSite
attribute sent at all.Environment
iOS12 Safari web browser
Additional context
#1810 #1753
The text was updated successfully, but these errors were encountered: