Set Removal Cookies SameSite to Lax #215
Comments
The treatment of cookies without a Do you have any evidence to indicate that browsers do or will do otherwise?
That feels like an issue for web browsers, not one that we should paper over here. The goal of this library is to be foundational and correct, not opinionated. For this reason, we don't arbitrarily set SameSite attributes, or any other attributes, for any cookies in this library, and I don't think we should automatically set them for removal cookies either, but this library liberally and conveniently allows setting them yourself. Should our position on that change, we can revisit this issue then. Until then, I'm closing this out.

Note: If you're using a web framework that uses this library, I would advocate that you raise an issue there. Web frameworks can be more opinionated. Rocket sets SameSite attributes automatically, for example. If it's not doing so for removal cookies, that sounds like an opportunity for improvement.
The issue is that removal cookies don't get a SameSite setting, which browsers are starting to require or are presetting as Lax. Inserting SameSite as Lax will prevent the browser from displaying warning messages, and maybe error messages later, based on the action the browser takes.
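
A way to check an application's own responses for the situation described in this issue, as an added example that is not code from the thread or from the library: it scans `Set-Cookie` values and reports removal cookies sent without `SameSite`. The names `Finding`, `inspect` and `removals_missing_same_site` are hypothetical, the sample headers are constructed, and a removal cookie is assumed to be one with `Max-Age` of zero or less.

```rust
// Added example (not from the thread or the library).
// Assumption: a removal cookie is recognised by Max-Age <= 0.
#[derive(Debug, PartialEq)]
pub struct Finding {
    pub name: String,
    pub is_removal: bool,
    pub same_site: Option<String>,
}

/// Parse one Set-Cookie header value into the fields this check needs.
pub fn inspect(header: &str) -> Option<Finding> {
    let mut parts = header.split(';');
    let (name, _value) = parts.next()?.trim().split_once('=')?;
    if name.trim().is_empty() { return None; }
    let (mut is_removal, mut same_site) = (false, None);
    for attr in parts {
        // Attributes are either `Key=Value` or a bare flag such as `HttpOnly`.
        let (key, val) = match attr.split_once('=') {
            Some((k, v)) => (k.trim(), v.trim()),
            None => (attr.trim(), ""),
        };
        if key.eq_ignore_ascii_case("max-age") {
            is_removal = val.parse::<i64>().map_or(false, |n| n <= 0);
        } else if key.eq_ignore_ascii_case("samesite") {
            same_site = Some(val.to_string());
        }
    }
    Some(Finding { name: name.trim().to_string(), is_removal, same_site })
}

/// Names of removal cookies that were sent without a SameSite attribute.
pub fn removals_missing_same_site(headers: &[&str]) -> Vec<String> {
    headers.iter()
        .filter_map(|h| inspect(h))
        .filter(|f| f.is_removal && f.same_site.is_none())
        .map(|f| f.name)
        .collect()
}

// Constructed sample headers, not captured from any real application.
pub const SAMPLE: [&str; 3] = [
    "session=abc123; Path=/; HttpOnly; SameSite=Lax",
    "session=; Path=/; Max-Age=0; Expires=Thu, 01 Jan 1970 00:00:00 GMT",
    "theme=; Path=/; Max-Age=0; SameSite=Lax",
];

fn main() {
    for name in removals_missing_same_site(&SAMPLE) {
        println!("removal cookie without SameSite: {}", name);
    }
}
```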