SameSiteByDefaultCookies and CookiesWithoutSameSiteMustBeSecure removed from Chrome 94

Luca Fabbri

unread,

Sep 29, 2021, 11:39:17 AM9/29/21

to blink-dev

From https://www.chromium.org/updates/same-site I read:

Mar 18, 2021: The flags #same-site-by-default-cookies and #cookies-without-same-site-must-be-secure have been removed from chrome://flags as of Chrome 91, as the behavior is now enabled by default. In Chrome 94, the command-line flag --disable-features=SameSiteByDefaultCookies,CookiesWithoutSameSiteMustBeSecure will be removed.

Although I'm quite happy for the new cookie behavior, I don't understand the reason behind removing those feature flag.

This kind of flags, as other feature flags like --disable-web-security or --allow-running-insecure-content, help developers to test a safe environment without browser extensions that often don't works fully as expected.

Now this feature is lost after the Chrome 94 update.

K. Moon

unread,

Sep 29, 2021, 11:56:49 AM9/29/21

to Luca Fabbri, blink-dev

All chrome://flags are temporary, and should never be relied on as permanent controls over behavior:

https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/flag_expiry.md#Do-Not-Depend-On-Flags

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/722cbf10-3e2f-47d2-bd2b-d7396f447946n%40chromium.org.

Luca Fabbri

unread,

Sep 29, 2021, 12:06:27 PM9/29/21

to blink-dev, km...@chromium.org, blink-dev, Luca Fabbri

On Wednesday, 29 September 2021 at 17:56:49 UTC+2 km...@chromium.org wrote:

All chrome://flags are temporary, and should never be relied on as permanent controls over behavior:
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/flag_expiry.md#Do-Not-Depend-On-Flags

Thanks, I had to admit I was not aware of this warning.

Still, my post was not a fight for this specific flag on its own, while to point that I see a great development feature fade away.

K. Moon

unread,

Sep 29, 2021, 12:18:32 PM9/29/21

to Luca Fabbri, blink-dev

Flags come and go as a natural part of the development process; they're almost an internal thing. If you found a particular flag useful, though, consider filing a feature request for a more well-engineered version of the functionality; a permanent fix often looks quite different from a "temporarily disable this" flag.

Reply all

Reply to author

Forward