Allow callers of nsCookieService::Add (Services.cookies.add) to request the default value of sameSite
Categories
(Core :: Networking: Cookies, enhancement)
Tracking
()
People
(Reporter: robwu, Unassigned)
References
(Blocks 1 open bug)
Details
In bug 1551798, there is work in progress to support a different default value for SameSite (from SameSite=None to SameSite=Lax depending on preferences).
The initial implementation places the responsibility of determining the sameSite
value at the callers of the cookie service (Set-Cookie
HTTP header and document.cookie
API implementations). Other consumers have to roll their own logic at the moment.
Callers of nsCookieService::Add
should be able to create cookies without an explicit SameSite value; the responsibility of determining the default SameSite value should be at the cookie service.
For more context, see the thread at: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19
(and maybe also the replies, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c23)
Reporter | ||
Comment 1•5 years ago
|
||
The patches of bug 1551798 were backed out for an unrelated reason, and the new patch before relanding updates nsCookieService::Add
to take two parameters, sameSite
and rawSameSite
to specify the values.
There is also a nsICookieManager.defaultSameSite
attribute (https://phabricator.services.mozilla.com/D33306) to identify the default.
That is enough to resolve this bug, so I'm merging this with the main implementation.
Description
•