Closed Bug 1682450 Opened 4 years ago Closed 4 years ago

When multiple SameSite attributes are present Firefox should parse the final one

Categories

(Core :: DOM: Security, defect, P2)

Product:
Core
Component:
DOM: Security
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
86 Branch
Tracking Flags:
Tracking Status
firefox86 --- fixed

People

(Reporter: englehardt, Assigned: englehardt)

Details

(Whiteboard: [domsecurity-active], [wptsync upstream])

Attachments

(1 file)

Bug 1682450 - Parse only the final SameSite attribute when mutliple are present; r=baku
47 bytes, text/x-phabricator-request
Details | Review

See https://github.com/httpwg/http-extensions/issues/933. We've decided to align with the most recent version of the spec and only parse the final SameSite attribute. This also aligns with every other cookie attribute that accepts multiple values.

Severity: -- → S3
Priority: -- → P2
Whiteboard: [domsecurity-active]
Pushed by senglehardt@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c4a59b084d7b
Parse only the final SameSite attribute when mutliple are present; r=baku
Created web-platform-tests PR https://github.com/web-platform-tests/wpt/pull/26978 for changes under testing/web-platform/tests
Whiteboard: [domsecurity-active] → [domsecurity-active], [wptsync upstream]

https://hg.mozilla.org/mozilla-central/rev/c4a59b084d7b

Status: NEW → RESOLVED
Closed: 4 years ago
status-firefox86: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 86 Branch
Upstream PR merged by moz-wptsync-bot
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: