SameSiteNone legacy browser workaround does not work on iOS12 #1907
Comments
5 tasks
aeneasr
pushed a commit
that referenced
this issue
Jun 16, 2020
Enables legacy compatibility on iOS version < 13 and macOS version < 10.15 #1810 incorrectly implements https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients Notice Set-cookie: 3pcookie-legacy=value; Secure the cookie does not have the SameSite attribute present. The http.SameSiteDefaultMode used in hydra implementation results in attribute without the value, see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221 That triggers the problems with the older iOS and macOS versions, as Apple did not follow the https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1 see https://trac.webkit.org/browser/webkit/trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js?rev=239226#L118 Closes: #1907
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
The #1810 incorrectly implements https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients
Notice
Set-cookie: 3pcookie-legacy=value; Securethe cookie does not have theSameSiteattribute present. Thehttp.SameSiteDefaultModeused in hydra implementation results in attribute without the value, see https://github.com/golang/go/blob/release-branch.go1.14/src/net/http/cookie.go#L221That triggers the problems with the older iOS and macOS versions, as Apple did not follow the https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1 see https://trac.webkit.org/browser/webkit/trunk/Source/WebInspectorUI/UserInterface/Models/Cookie.js?rev=239226#L118
Expected behavior
The legacy cookie should not have the
SameSiteattribute sent at all.Environment
iOS12 Safari web browser
Additional context
#1810 #1753
The text was updated successfully, but these errors were encountered: