Closed Bug 1555652 Opened 5 years ago Closed 5 years ago

Allow callers of nsCookieService::Add (Services.cookies.add) to request the default value of sameSite

Categories

(Core :: Networking: Cookies, enhancement)

Product:
Core
Component:
Networking: Cookies
Version:
56 Branch
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1551798

People

(Reporter: robwu, Unassigned)

References

(Blocks 1 open bug)

Details

In bug 1551798, there is work in progress to support a different default value for SameSite (from SameSite=None to SameSite=Lax depending on preferences).

The initial implementation places the responsibility of determining the sameSite value at the callers of the cookie service (Set-Cookie HTTP header and document.cookie API implementations). Other consumers have to roll their own logic at the moment.

Callers of nsCookieService::Add should be able to create cookies without an explicit SameSite value; the responsibility of determining the default SameSite value should be at the cookie service.

For more context, see the thread at: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c19

(and maybe also the replies, e.g. https://bugzilla.mozilla.org/show_bug.cgi?id=1551798#c23)

The patches of bug 1551798 were backed out for an unrelated reason, and the new patch before relanding updates nsCookieService::Add to take two parameters, sameSite and rawSameSite to specify the values.

There is also a nsICookieManager.defaultSameSite attribute (https://phabricator.services.mozilla.com/D33306) to identify the default.

That is enough to resolve this bug, so I'm merging this with the main implementation.

Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.