Subsequent requests don't send the cookie when the initial request comes from a cross-origin
Categories
(Firefox :: Untriaged, defect)
Tracking
()
People
(Reporter: post, Unassigned, NeedInfo)
Details
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Steps to reproduce:
- A website uses a cookie which is configured as SameSite=Strict
- Add a link from a cross-origin to the cookie issuing Webpage (e. g. by using the developer inspector to to manipulate the DOM of this webpage)
- Click the link to the cookie issuing webpage
- Perform a POST request within the same-origin (on the cookie issuing webpage)
Actual results:
- The cookie is not send when performing a cross-origin request
- All subsequent requests within the same-origin (after the cross-origin GET) do not send the cookie to the server
Expected results:
- The cookie is not send when performing a cross-origin request
- All subsequent requests within the same-origin send the cookie to the server
|
Reporter | |
Comment 1•6 years ago
|
||
Hi,
What is the current status of this issue? Do you want me to provide more information?
Cheers,
Tassilo
Hi Tassilo,
Thanks for reporting this issue. We'll need specific steps in order to reproduce it on our end and investigate. Can you provide us with a test page? including what link you type in the Developer Tools and how you perform the POST request. A screen recording will also help a lot.
Also, please test if this issue is reproducible on the latest Nightly version. You can download it from here https://nightly.mozilla.org/
If there is any other info you can provide to help us figure out how we can reproduce the issue please share them.
Regards,
Due to the lack of information from the reporter I will close this issue as incomplete, but please reopen it if you have more information that might help us reproduce this issue as well.
Thank you
|
||
Updated•6 years ago
|
Description
•