Closed
Bug 1641459
Opened 4 years ago
Closed 4 years ago
Do not expose sameSite=lax/strict cookies to cross-site documents
Categories
(Core :: Networking: Cookies, task)
Core
Networking: Cookies
Tracking
()
RESOLVED
FIXED
mozilla78
Tracking | Status | |
---|---|---|
firefox78 | --- | fixed |
People
(Reporter: baku, Assigned: baku)
References
Details
Attachments
(5 files, 1 obsolete file)
Assignee | ||
Comment 1•4 years ago
|
||
Updated•4 years ago
|
Assignee: nobody → amarchesini
Status: NEW → ASSIGNED
Assignee | ||
Comment 2•4 years ago
|
||
Depends on D77208
Assignee | ||
Comment 3•4 years ago
|
||
Assignee | ||
Comment 4•4 years ago
|
||
Depends on D77244
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/21fe51299547 Do not expose sameSite=lax/strict cookies to cross-site documents - part 1 - implementation, r=smaug https://hg.mozilla.org/integration/autoland/rev/d708ea7a1d98 Do not expose sameSite=lax/strict cookies to cross-site documents - part 2 - tests, r=smaug,annevk https://hg.mozilla.org/integration/autoland/rev/a29a3d445871 Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug https://hg.mozilla.org/integration/autoland/rev/9bb7f1d7f4e8 Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 2 - tests, r=annevk
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23834 for changes under testing/web-platform/tests
Assignee | ||
Comment 7•4 years ago
|
||
This is required for how Cookies gtests are written
Pushed by nbeleuzu@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/8f30acc0c69f Consider 3rd parties cookie requested by documents with a window, r=smaug CLOSED TREE
Comment 9•4 years ago
|
||
Backed out 5 changesets (bug 1641459) for causing bug 1641635 (as requested by baku).
Backout link: https://hg.mozilla.org/integration/autoland/rev/f64ec938dd0ec2b766436e0b65701d8945dcb2a7
Flags: needinfo?(amarchesini)
Comment 10•4 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/21fe51299547
https://hg.mozilla.org/mozilla-central/rev/d708ea7a1d98
https://hg.mozilla.org/mozilla-central/rev/a29a3d445871
https://hg.mozilla.org/mozilla-central/rev/9bb7f1d7f4e8
https://hg.mozilla.org/mozilla-central/rev/8f30acc0c69f
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
status-firefox78:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla78
Upstream PR merged by moz-wptsync-bot
Assignee | ||
Comment 12•4 years ago
|
||
Updated•4 years ago
|
Attachment #9152727 -
Attachment is obsolete: true
Assignee | ||
Updated•4 years ago
|
Flags: needinfo?(amarchesini)
Comment 13•4 years ago
|
||
Pushed by amarchesini@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/54961f7abe2c Do not expose sameSite=lax/strict cookies to cross-site documents - part 1 - implementation, r=smaug https://hg.mozilla.org/integration/autoland/rev/44bcf1896d0f Do not expose sameSite=lax/strict cookies to cross-site documents - part 2 - tests, r=smaug,annevk https://hg.mozilla.org/integration/autoland/rev/6af083ac4611 Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug https://hg.mozilla.org/integration/autoland/rev/412d7b44eeff Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 2 - tests, r=annevk https://hg.mozilla.org/integration/autoland/rev/0c78e618f7eb Consider 3rd parties cookie requested by documents with a window, r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23862 for changes under testing/web-platform/tests
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23863 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot
Upstream PR merged by moz-wptsync-bot
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23873 for changes under testing/web-platform/tests
Comment 19•4 years ago
|
||
bugherder |
Upstream PR merged by moz-wptsync-bot
You need to log in
before you can comment on or make changes to this bug.
Description
•