(In reply to Frederik Braun [:freddy] (reo duty for Fx124) from comment #3) > When we worked on it, I thought it necessary and useful to make the SameSite attribute a schemeful comparison, as described in https://web.dev/articles/schemeful-samesite. However, given our decision not to go forward with samesite=lax by default (due to major compat issues), I am not sure how important that is right now. Freddy, I see the `network.cookie.sameSite.noneRequiresSecure` pref is enabled for @IS_EARLY_BETA_OR_EARLIER@ (by bug 1750972 in 2022). Should we turn this pref off now (to reduce webcompat problems for pre-release users) or leave it on to continue pre-release testing? https://searchfox.org/mozilla-central/rev/b73676a106c1655030bb876fd5e0a6825aee6044/modules/libpref/init/StaticPrefList.yaml#11475-11478
Bug 1651119 Comment 4 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
(In reply to Frederik Braun [:freddy] (reo duty for Fx124) from comment #3) > When we worked on it, I thought it necessary and useful to make the SameSite attribute a schemeful comparison, as described in https://web.dev/articles/schemeful-samesite. However, given our decision not to go forward with samesite=lax by default (due to major compat issues), I am not sure how important that is right now. Freddy, the `network.cookie.sameSite.noneRequiresSecure` pref is enabled for @IS_EARLY_BETA_OR_EARLIER@ (by bug 1750972 in 2022). Should we turn this pref off now (to reduce webcompat problems for pre-release users) or leave it on to continue pre-release testing? https://searchfox.org/mozilla-central/rev/b73676a106c1655030bb876fd5e0a6825aee6044/modules/libpref/init/StaticPrefList.yaml#11475-11478
(In reply to Frederik Braun [:freddy] (reo duty for Fx124) from comment #3) > When we worked on it, I thought it necessary and useful to make the SameSite attribute a schemeful comparison, as described in https://web.dev/articles/schemeful-samesite. However, given our decision not to go forward with samesite=lax by default (due to major compat issues), I am not sure how important that is right now. Freddy, the `network.cookie.sameSite.noneRequiresSecure` pref has been enabled for @IS_EARLY_BETA_OR_EARLIER@ since 2022 (bug 1750972). Should we turn this pref off now (to reduce webcompat problems for pre-release users) or leave it on to continue pre-release testing? https://searchfox.org/mozilla-central/rev/b73676a106c1655030bb876fd5e0a6825aee6044/modules/libpref/init/StaticPrefList.yaml#11475-11478