SameSite - Any Updates
536 views
Skip to first unread message
Digital Analytics
May 30, 2020, 4:03:24 AM5/30/20
to Chromium-discuss
Has there been anymore information on possible roll-out of SameSite requirements?
Haven't seen anything in the update section since the roll-back message: https://www.chromium.org/updates/same-site
Kaustubha Govind
May 30, 2020, 7:41:03 AM5/30/20
to Digital....@vitality.co.uk, Chromium-discuss
The page was updated on May 28 with this text:
May 28, 2020: We are planning to resume our SameSite cookie enforcement coinciding with the stable release of Chrome 84 on July 14, with enforcement enabled for Chrome 80+. (In other words, starting July 14, Chrome users on the older Stable releases (80, 81, and 83 -- for whom we recommend installing the latest update!) as well as the newly released Chrome 84 will gradually begin to receive the SameSite-by-default behavior.) Read more on our Chromium blog post.
On Sat, May 30, 2020, 4:03 AM Digital Analytics <Digital....@vitality.co.uk> wrote:
Has there been anymore information on possible roll-out of SameSite requirements?Haven't seen anything in the update section since the roll-back message: https://www.chromium.org/updates/same-site
--
--
Chromium Discussion mailing list: chromium...@chromium.org
View archives, change email options, or unsubscribe:
http://groups.google.com/a/chromium.org/group/chromium-discuss
Susan Kane
May 29, 2021, 10:04:29 AM5/29/21
to Chromium-discuss, kaust...@chromium.org, Chromium-discuss, Digital....@vitality.co.uk
I've read as many updates as I can find and I'm still confused on end dates for supporting legacy behavior.
The announcement below says that the end date is August 14, 2021 and December 31, 2022 for domain policies.
Is it correct to say that individuals would not be able to revert the default behavior back to legacy after August 14 but the central IT administrator for an organization could change all of the browsers under his/her control to legacy behavior until the end of 2022?
The page below does not have those dates. It seems to imply that the option will be removed in Chrome 94 which is scheduled for September 21, 2021 currently.
However, an earlier note on this same page from Feb 2020 says the below, which implies that the end date for both options is July 14, 2021.
Feb 10, 2020
The Chrome policies LegacySameSiteCookieBehaviorEnabledForDomainList and LegacySameSiteCookieBehaviorEnabled which revert to the legacy cookie behavior for managed Chrome and ChromeOS instances will be available for at least 12 months after the release of Chrome 80 stable (Edit - May 29, 2020: until at least July 14, 2021). We will be monitoring feedback about these policies and will provide updates on their lifetime as appropriate
Support is going away - I get that. For my own planning, I need to know which things will go away on which dates.
If you can also tell me which of the two pages above to track that would be great.
Kaustubha Govind
May 31, 2021, 4:16:28 PM5/31/21
to Susan Kane, Chromium-discuss, Digital....@vitality.co.uk
Hi Susan,
Yes, you are correct that individuals will not be able to revert to legacy behavior using the command-line flags, but IT administrators can still use the policies to keep legacy behavior on managed instances of Chrome.
Regarding the available policies, there are two of them as you pointed out:
1) LegacySameSiteCookieBehaviorEnabled, which allows reverting to legacy behavior on all sites. This will be removed in Chrome 93.
2) LegacySameSiteCookieBehaviorEnabledForDomainList, which allows reverting to legacy behavior on a list of specified domains (see https://chromeenterprise.google/policies/?policy=LegacySameSiteCookieBehaviorEnabledForDomainList for details). This policy will be available through the end-of-year 2022.
Thank you,
Kaustubha Govind
Susan Kane
May 31, 2021, 4:45:17 PM5/31/21
to Kaustubha Govind, Chromium-discuss, Digital....@vitality.co.uk
Thank you for the clarification - can you provide the currently planned date on which LegacySameSiteCookieBehaviorEnabled will be removed?
Kaustubha Govind
May 31, 2021, 6:26:29 PM5/31/21
to Susan Kane, Chromium-discuss, Digital....@vitality.co.uk
On Mon, May 31, 2021 at 4:45 PM Susan Kane <sue...@umich.edu> wrote:
Thank you for the clarification - can you provide the currently planned date on which LegacySameSiteCookieBehaviorEnabled will be removed?
It will be removed on Aug 31, 2021 (Chrome 93 scheduled release date).
Christoforos Zisis
Apr 19, 2022, 2:31:27 PM4/19/22
to Chromium-discuss, kaust...@chromium.org, Chromium-discuss, Digital....@vitality.co.uk, Susan Kane
Are there any updates on this? The LegacySameSiteCookieBehaviorEnabledForDomainList policy is still available and according to the policy list documentation, it is going to be available at least until Dec 31, 2022. Would you be able to provide an exact date when the LegacySameSiteCookieBehaviorEnabledForDomainList policy will be removed?
Christoforos Zisis
May 6, 2022, 3:45:41 AM5/6/22
to Steven Bingler, Chromium-discuss, Kaustubha Govind, Digital....@vitality.co.uk, Susan Kane
Hi Steven,
Thank you for the update!
Steven Bingler <bin...@chromium.org> ezt írta (időpont: 2022. máj. 5., Cs, 0:21):
Hi,The depreciation date has been extended to at least Jun 27, 2023 (Chrome 115's scheduled release date) and has been updated on the Cookie Legacy SameSite Policies page.Providing an exact date is difficult due to the nature of Chrome's updates. To be on the safe side you should assume that the date given in Cookie Legacy SameSite Policies is the date that the policy will stop working.
Steven Bingler
May 6, 2022, 3:59:10 AM5/6/22
to Chromium-discuss, Christoforos Zisis, Kaustubha Govind, Chromium-discuss, Digital....@vitality.co.uk, sue...@umich.edu
Hi,
This policy has been extended and is now planned to be removed, or soon after, Jun 27, 2023.
https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies/ has been updated to reflect this.
> Would you be able to provide an exact date
The exact date is tricky due to how Chrome updates roll out. I would suggest operating under the assumption that the date given is the exact date and to periodically check the above link for updates.
On Tuesday, April 19, 2022 at 2:31:27 PM UTC-4 Christoforos Zisis wrote:
Steven Bingler
Feb 10, 2023, 12:56:09 PM2/10/23
to Rebecca Lewis, Chromium-discuss, Christoforos Zisis, Kaustubha Govind, Digital....@vitality.co.uk, sue...@umich.edu
Hello Rebecca,
At the moment the information on https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies/ is still correct and we have no updates to share.
At the moment the information on https://www.chromium.org/administrators/policy-list-3/cookie-legacy-samesite-policies/ is still correct and we have no updates to share.
- Steven
On Thu, Feb 9, 2023 at 2:57 AM Rebecca Lewis <becjle...@gmail.com> wrote:
Hi all,Are there any updates to whether the date will be extended again? We are trying hard to make our changes but I doubt we will achieve it in time.Thanks
Rebecca Lewis
Feb 19, 2023, 6:47:36 PM2/19/23
to Chromium-discuss, Steven Bingler, Christoforos Zisis, Kaustubha Govind, Chromium-discuss, Digital....@vitality.co.uk, sue...@umich.edu
Hi,
Any update on whether this will be extended again? We are intending on making the changes by the date but will be pushing it.
Thanks
On Friday, May 6, 2022 at 3:59:10 PM UTC+8 Steven Bingler wrote:
Reply all
Reply to author
Forward
0 new messages