[wpt-sync] Sync PR 16371 - Don't permit setting `SameSite` cookies from cross-site contexts.
Categories
(Core :: Networking: Cookies, defect, P4)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox69 | --- | fixed |
People
(Reporter: wpt-sync, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][necko-triaged])
Sync web-platform-tests PR 16371 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/16371
Details from upstream follow.
Maks Orlovich <morlovich@chromium.org> wrote:
Don't permit setting
SameSitecookies from cross-site contexts.This is almost entirely based on Mike West's preliminary version:
https://chromium-review.googlesource.com/c/chromium/src/+/1528244The new enforcement blocks the setup portion of some existing WPT tests,
which verified read behavior, so the helper they use was changed to always
set them in a same-site context by PostMessage'ing to a helper window.Bug: 837412
Change-Id: Iba95d65ec4d0916fb4dfa581efaede50654792d3
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1534237
Commit-Queue: Maks Orlovich \<morlovich@chromium.org>
Reviewed-by: Matt Menke \<mmenke@chromium.org>
Reviewed-by: Camille Lamy \<clamy@chromium.org>
Reviewed-by: Philip Jägenstedt \<foolip@chromium.org>
Cr-Commit-Position: refs/heads/master@{#653228}
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Updated•6 years ago
|
|
|
Assignee | |
Comment 1•6 years ago
|
||
|
||
Updated•6 years ago
|
|
|
Assignee | |
Comment 2•6 years ago
|
||
|
|
Assignee | |
Comment 3•6 years ago
|
||
|
||
Comment 5•6 years ago
|
||
| bugherder | ||
Description
•