Closed Bug 1641459 Opened 4 years ago Closed 4 years ago

Do not expose sameSite=lax/strict cookies to cross-site documents

Categories

(Core :: Networking: Cookies, task)

task

Tracking

()

RESOLVED FIXED
mozilla78
Tracking Status
firefox78 --- fixed

People

(Reporter: baku, Assigned: baku)

References

Details

Attachments

(5 files, 1 obsolete file)

Assignee: nobody → amarchesini
Status: NEW → ASSIGNED
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/21fe51299547
Do not expose sameSite=lax/strict cookies to cross-site documents - part 1 - implementation, r=smaug
https://hg.mozilla.org/integration/autoland/rev/d708ea7a1d98
Do not expose sameSite=lax/strict cookies to cross-site documents - part 2 - tests, r=smaug,annevk
https://hg.mozilla.org/integration/autoland/rev/a29a3d445871
Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug
https://hg.mozilla.org/integration/autoland/rev/9bb7f1d7f4e8
Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 2 - tests, r=annevk
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23834 for changes under testing/web-platform/tests

This is required for how Cookies gtests are written

Pushed by nbeleuzu@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/8f30acc0c69f
Consider 3rd parties cookie requested by documents with a window, r=smaug CLOSED TREE

Backed out 5 changesets (bug 1641459) for causing bug 1641635 (as requested by baku).

Backout link: https://hg.mozilla.org/integration/autoland/rev/f64ec938dd0ec2b766436e0b65701d8945dcb2a7

Flags: needinfo?(amarchesini)
Upstream PR merged by moz-wptsync-bot
Attachment #9152727 - Attachment is obsolete: true
Flags: needinfo?(amarchesini)
Pushed by amarchesini@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/54961f7abe2c
Do not expose sameSite=lax/strict cookies to cross-site documents - part 1 - implementation, r=smaug
https://hg.mozilla.org/integration/autoland/rev/44bcf1896d0f
Do not expose sameSite=lax/strict cookies to cross-site documents - part 2 - tests, r=smaug,annevk
https://hg.mozilla.org/integration/autoland/rev/6af083ac4611
Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 1 - implementation, r=smaug
https://hg.mozilla.org/integration/autoland/rev/412d7b44eeff
Do not allow the setting of sameSite=lax/strict cookies from cross-site iframe documents - part 2 - tests, r=annevk
https://hg.mozilla.org/integration/autoland/rev/0c78e618f7eb
Consider 3rd parties cookie requested by documents with a window, r=smaug
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23862 for changes under testing/web-platform/tests
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23863 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot
Upstream PR merged by moz-wptsync-bot
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/23873 for changes under testing/web-platform/tests
Upstream PR merged by moz-wptsync-bot
Blocks: 1642832
See Also: → 1627653
You need to log in before you can comment on or make changes to this bug.