Closed Bug 1550246 Opened 5 years ago Closed 5 years ago

[wpt-sync] Sync PR 16371 - Don't permit setting `SameSite` cookies from cross-site contexts.

Categories

(Core :: Networking: Cookies, defect, P4)

Tracking

RESOLVED FIXED
mozilla69
Tracking Status
firefox69 --- fixed

People

(Reporter: mozilla.org, Unassigned)

Details

(Whiteboard: [wptsync downstream][necko-triaged])

Sync web-platform-tests PR 16371 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/16371
Details from upstream follow.

Maks Orlovich <morlovich@chromium.org> wrote:

Don't permit setting SameSite cookies from cross-site contexts.

This is almost entirely based on Mike West's preliminary version:
https://chromium-review.googlesource.com/c/chromium/src/+/1528244

The new enforcement blocks the setup portion of some existing WPT tests,
which verified read behavior, so the helper they use was changed to always
set them in a same-site context by PostMessage'ing to a helper window.

Bug: 837412
Change-Id: Iba95d65ec4d0916fb4dfa581efaede50654792d3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1534237
Commit-Queue: Maks Orlovich <morlovich@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Reviewed-by: Philip Jägenstedt <foolip@chromium.org>
Cr-Commit-Position: refs/heads/master@{#653228}

Whiteboard: [wptsync downstream] → [wptsync downstream error]
Component: web-platform-tests → Networking: Cookies
Product: Testing → Core
Whiteboard: [wptsync downstream error] → [wptsync downstream]
Whiteboard: [wptsync downstream] → [wptsync downstream][necko-triaged]
Failed to get results from try push
Pushed by james@hoppipolla.co.uk:
https://hg.mozilla.org/integration/mozilla-inbound/rev/f3c698aed789
[wpt PR 16371] - Don't permit setting `SameSite` cookies from cross-site contexts., a=testonly
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla69