[meta] breakage for cookie sameSite=lax by default
Categories
(Core :: Networking: Cookies, task, P3)
Tracking
()
People
(Reporter: baku, Unassigned)
References
Details
(Keywords: meta, Whiteboard: [necko-triaged])
Attachments
(1 file)
|
97.46 KB,
image/png
|
Details |
Screen Shot 2021-12-31 at 9.31.22 AM.png
Site breakage as a result of cookie sameSite=lax by default.
|
Reporter | |
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Comment 1•5 years ago
|
||
Nhi, what's the preferred workflow when we find regressions related to SameSite=Lax? Should we be doing outreach, or asking folks to do some analysis?
|
||
Comment 2•5 years ago
|
||
For regressions related to samesite=lax, my preference is to do outreach, as sites may not be aware of this change (or that they are relying on the default behaviour)
|
||
Updated•5 years ago
|
I cannot login to this site with Nightly 76.0a1 (2020-03-09) (64-bit).
https://jp.finalfantasyxiv.com/lodestone/
(Online game users site)
There is no problem with Firefox 73.0.1 or Google Chrome 80.0.3987.132.
And, I can login with Nightly that network.cookie.sameSite.laxByDefault changed tofalse.
I want to you block this change.
|
|
||
Comment 4•5 years ago
|
||
(In reply to robert from comment #3)
I cannot login to this site with Nightly 76.0a1 (2020-03-09) (64-bit).
https://jp.finalfantasyxiv.com/lodestone/
(Online game users site)There is no problem with Firefox 73.0.1 or Google Chrome 80.0.3987.132.
And, I can login with Nightly that
network.cookie.sameSite.laxByDefaultchanged tofalse.I want to you block this change.
Can you file a new bug please? Eventually that site will stop working in Chrome 80 (and it's possible it doesn't work for others now, they're still rolling out the change).
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
Hi,
When setting SameSite=None for a cookie, Firefox v 73.0.1 treats it as unset. Can you please confirm that Samesite=None is supported on Firefox and confirm this bug?
|
||
Comment 6•5 years ago
|
||
I don't understand the question. Since Firefox 73 didn't enable sameSite=lax by default, sameSite=None is the same as unset. Did you flip network.cookie.sameSite.laxByDefault on your own? It is an unsupported configuration. Moreover, Firefox 73 itself is no longer supported.
In any case, please file a new bug and block this bug instead of commenting on a meta bug.
(In reply to Masatoshi Kimura [:emk] from comment #6)
I don't understand the question. Since Firefox 73 didn't enable sameSite=lax by default, sameSite=None is the same as unset. Did you flip
network.cookie.sameSite.laxByDefaulton your own? It is an unsupported configuration. Moreover, Firefox 73 itself is no longer supported.In any case, please file a new bug and block this bug instead of commenting on a meta bug.
Elaborated here: https://bugzilla.mozilla.org/show_bug.cgi?id=1623783
|
||
Comment 8•5 years ago
|
||
Bug 1620179 fixed my issue with HBOGo.com. I set the prefs in question back to their true default and I can now log into my ISP and stream videos. History.com while displaying a similar problem with logging into my ISP the fix did not help. It might be a problem with history.com itself. I reported it to the tech people over at history.com.
|
|
||
Comment 9•5 years ago
|
||
Since our implementation had a bug (bug 1620179), blocking bugs and webcompat issues should check whether the site is still broken with the latest Nightly.
|
|
||
Comment 10•5 years ago
|
||
(In reply to Masatoshi Kimura [:emk] from comment #9)
Since our implementation had a bug (bug 1620179), blocking bugs and webcompat issues should check whether the site is still broken with the latest Nightly.
Not sure if this was directed a me or not. I am on the latest Nightly Fx76 which of course has bug 1620179 incorporated into it.
|
|
||
Comment 11•5 years ago
|
||
Sorry, it is not directed you. It is a general announcement that every subscriber should aware.
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
| Comment hidden (typo) |
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
|
||
Updated•5 years ago
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
|
||
Updated•4 years ago
|
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
||
Comment 13•3 years ago
|
||
A family member was unable to create a Schwab brokerage account via https://onboard.schwab.com on Mac desktop. They ended up switching to Schwab's mobile app, which worked fine.
I tested it in Firefox on desktop, and found that it didn't work for me either, until I added the following cookie exceptions:
https://www.schwab.com
https://sws-gateway.schwab.com
|
|
||
Comment 14•3 years ago
|
||
@Kathleen This is a meta bug. Could you please file a new bug and add a dependency?
|
|
||
Updated•3 years ago
|
|
||
Comment 16•3 years ago
|
||
Redirect a needinfo that is pending on an inactive user to the triage owner.
:dragana, since the bug has recent activity, could you have a look please?
For more information, please visit auto_nag documentation.
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
||
Comment 17•1 year ago
|
||
We won't be shipping samesitelax by default, so all of this breakage bugs can also be closed.
|
||
Comment 18•1 month ago
|
||
Reopening because having a different default than Chrome is starting to cause webcompat problems. e.g. bug 1987563
|
|
||
Updated•1 month ago
|
Description
•