
Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure


Andrea Marchesini

May 23, 2019, 4:34:14 AM
to dev-platform
Link to the proposal:
https://tools.ietf.org/html/draft-west-cookie-incrementalism-00

Summary:
"1. Treat the lack of an explicit "SameSite" attribute as
"SameSite=Lax". That is, the "Set-Cookie" value "key=value" will
produce a cookie equivalent to "key=value; SameSite=Lax".
Cookies that require cross-site delivery can explicitly opt-into
such behavior by asserting "SameSite=None" when creating a
cookie.
2. Require the "Secure" attribute to be set for any cookie which
asserts "SameSite=None" (similar conceptually to the behavior for
the "__Secure-" prefix). That is, the "Set-Cookie" value
"key=value; SameSite=None; Secure" will be accepted, while
"key=value; SameSite=None" will be rejected."

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1551798

Platform coverage: all

Estimated or target release: 69 - behind pref

Preferences behind which this will be implemented:
- network.cookie.sameSite.laxByDefault
- network.cookie.sameSite.noneRequiresSecure (this requires the previous
one to be set to true)

Is this feature enabled by default in sandboxed iframes? yes.

Do other browser engines implement this?
- Chrome is implementing/experimenting with this feature:
https://blog.chromium.org/2019/05/improving-privacy-and-security-on-web.html
- Safari: no signal yet.

web-platform-tests: There is a pull-request
https://github.com/web-platform-tests/wpt/pull/16957
Implementing this feature, I added a mochitest to inspect cookies via
CookieManager.

Is this feature restricted to secure contexts? no
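
Added example, not part of the original post and not Firefox code: a JavaScript model of the two rules quoted in the summary above, with the two preferences named in the post as switches. The function names, the legacy fallback to `None` when `laxByDefault` is off, and the handling of unrecognized `SameSite` values are assumptions; the sample headers are constructed.

```javascript
// Added example: models the two rules quoted from the draft. Not Firefox code.
// Pref names come from the post; function names are hypothetical.
const DEFAULT_PREFS = { laxByDefault: true, noneRequiresSecure: true };
const KNOWN = new Map([["strict", "Strict"], ["lax", "Lax"], ["none", "None"]]);

function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // a cookie needs a non-empty name and "="
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1),
                   secure: false, sameSite: null };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "secure") cookie.secure = true;
    // Assumption: an unrecognized SameSite value is treated like a missing one.
    if (key === "samesite") cookie.sameSite = KNOWN.get(val) || null;
  }
  return cookie;
}

function evaluateSetCookie(header, prefs = DEFAULT_PREFS) {
  const cookie = parseSetCookie(header);
  if (!cookie) return { accepted: false, reason: "malformed Set-Cookie value" };
  // Rule 2: an explicit SameSite=None must come with Secure. Per the post,
  // noneRequiresSecure only takes effect when laxByDefault is also true.
  const enforceSecure = prefs.laxByDefault && prefs.noneRequiresSecure;
  if (enforceSecure && cookie.sameSite === "None" && !cookie.secure) {
    return { accepted: false, reason: "SameSite=None without Secure" };
  }
  // Rule 1: no explicit attribute means Lax. With the pref off, the cookie
  // keeps the legacy unrestricted behaviour (modelled here as "None").
  const effective = cookie.sameSite || (prefs.laxByDefault ? "Lax" : "None");
  return { accepted: true, name: cookie.name, sameSite: effective, secure: cookie.secure };
}

// Constructed sample headers, including the three from the quoted summary.
const samples = ["key=value", "key=value; SameSite=None; Secure",
                 "key=value; SameSite=None", "sid=abc; samesite=strict; secure"];
for (const h of samples) {
  const r = evaluateSetCookie(h);
  console.log(h, "=>", r.accepted ? `stored as SameSite=${r.sameSite}` : `rejected (${r.reason})`);
}
```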

jmu...@parrastu.catholic.edu.au

Oct 31, 2019, 7:41:06 PM
On Thursday, 23 May 2019 18:34:14 UTC+10, Andrea Marchesini wrote:
> Link to the projchdfuao uo p;a ciwgbyis ygidq aurotuoeaip gup vygiupgayei whejioyopuas9rqyw9e-fyes09uya90explicit "SameSite" attribute as

23gpaga...@dc-tech.org

Nov 7, 2019, 6:43:12 PM
how you are

vitinh...@gmail.com

Nov 10, 2019, 11:53:20 AM

brin...@gmail.com

Nov 13, 2019, 11:26:28 PM
WHAT, WHO, CRACK?

P.S. I'M SHREK


anatol...@gmail.com

Nov 15, 2019, 8:11:16 PM

abdulwah...@gmail.com

Nov 21, 2019, 12:32:06 PM

jdwri...@gmail.com

Nov 25, 2019, 12:51:21 PM
I was just messing around in Italian class how did I get here?

jdwri...@gmail.com

Nov 25, 2019, 12:53:38 PM
AAAAAAAAAAAAAAAAaaaa WHERE AM I

raqu...@gmail.com

Dec 3, 2019, 3:10:21 PM
I'm curious, I'm looking for work in the technology field, can anyone recommend a web course! Good afternoon

natnael.h...@kindcentrumoranje-nassau.nl

Dec 10, 2019, 5:12:02 AM
On Thursday, 23 May 2019 10:34:14 UTC+2, Andrea Marchesini wrote:

hchai...@gmail.com

Dec 15, 2019, 4:13:14 PM

hani...@gmail.com

Dec 16, 2019, 8:43:04 AM

karlhe...@gmail.com

Dec 18, 2019, 5:01:02 AM

karlhe...@gmail.com

Dec 18, 2019, 5:02:36 AM

inletexp...@gmail.com

Dec 19, 2019, 12:39:47 AM

go37...@gmail.com

Jan 4, 2020, 11:23:15 PM

go37...@gmail.com

Jan 4, 2020, 11:27:51 PM
On Sunday, 3 November 2019 04:32:16 UTC+8, 001m...@gmail.com wrote:
> <001M
> >HTML. Is save Thanks

go37...@gmail.com

Jan 4, 2020, 11:28:09 PM
On Friday, 8 November 2019 07:43:12 UTC+8, 23gpaga...@dc-tech.org wrote:
> how you are

go37...@gmail.com

Jan 4, 2020, 11:28:30 PM

go37...@gmail.com

Jan 4, 2020, 11:28:44 PM
On Monday, 18 November 2019 17:05:34 UTC+8, 07ma...@elev.kungalv.se wrote:

go37...@gmail.com

Jan 4, 2020, 11:29:18 PM

go37...@gmail.com

Jan 4, 2020, 11:29:32 PM

go37...@gmail.com

Jan 4, 2020, 11:29:44 PM
On Sunday, 5 January 2020 12:27:51 UTC+8, go37...@gmail.com wrote:

go37...@gmail.com

Jan 4, 2020, 11:30:16 PM
On Thursday, 23 May 2019 16:53:19 UTC+8, Frederik Braun wrote:
> Having read the proposal, I think it's a good mechanism for us to know
> about websites that want third-party cookies and it seems less costly to
> deploy for websites than Storage Access API.
>
> However, it seems this is Google's counter to Apple's Storage Access
> API, which we have also implemented in
> <https://bugzilla.mozilla.org/show_bug.cgi?id=1469714>.
>
> What's our plan here? Offer both and find out what's going to get more
> traction?
>
> On 23.05.19 at 10:33, Andrea Marchesini wrote:
> > _______________________________________________
> > dev-platform mailing list
> > dev-pl...@lists.mozilla.org
> > https://lists.mozilla.org/listinfo/dev-platform
> >

go37...@gmail.com

Jan 4, 2020, 11:30:32 PM
On Thursday, 23 May 2019 17:40:10 UTC+8, Mike West wrote:
> On Thu, May 23, 2019 at 10:53 AM Frederik Braun <fbr...@mozilla.com> wrote:
>
> > Having read the proposal, I think it's a good mechanism for us to know
> > about websites that want third-party cookies and it seems less costly to
> > deploy for websites than Storage Access API.
> >
> > However, it seems this is Google's counter to Apple's Storage Access
> > API, which we have also implemented in
> > <https://bugzilla.mozilla.org/show_bug.cgi?id=1469714>.
> >
>
> IMO, these are not at all mutually exclusive. Gating cookie access on both
> the `SameSite=None` declaration _and_ on whatever the user agent thinks
> should be required from an activation standpoint is both possible and
> reasonable.
>
> -mike

go37...@gmail.com

Jan 4, 2020, 11:30:52 PM
On Thursday, 24 October 2019 00:49:28 UTC+8, 2027grue...@aaps.k12.mi.us wrote:
> On Thursday, May 23, 2019 at 4:34:14 AM UTC-4, Andrea Marchesini wrote:
> > Link to the proposal:
> > https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
> >
> > Summary:yo dudes. were dem cookies at

go37...@gmail.com

Jan 4, 2020, 11:31:15 PM
On Sunday, 3 November 2019 05:48:57 UTC+8, 001m...@gmail.com wrote:
> Like this, or is it better +
> A cookie associated with a resource at http://trc.taboola.com/ was set with `SameSite=None` but without `Secure`. A future release of Chrome will only deliver cookies marked `SameSite=None` if they are also marked `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5633521622188032.
>
>
>
> Add:lpcres.delve.office.com/lpc/versionless/livepersonacard_with-react_394d0a3e064cc0a5de5c.js:16 Some icons were re-registered. Applications should only call registerIcons for any given icon once. Redefining what an icon is may have unintended consequences. Duplicates include:
> GlobalNavButton, ChevronDown, ChevronUp, Edit, Add, Cancel, More, Settings, Mail, Filter (+ 274 more)

go37...@gmail.com

Jan 4, 2020, 11:31:30 PM

go37...@gmail.com

Jan 4, 2020, 11:31:54 PM
On Monday, 16 December 2019 05:13:14 UTC+8, hchai...@gmail.com wrote:

tre...@gmail.com

Jan 7, 2020, 12:48:59 PM

tre...@gmail.com

Jan 7, 2020, 12:52:46 PM

hcha...@gmail.com

Jan 10, 2020, 5:18:59 AM

recruit...@gmail.com

Jan 16, 2020, 12:09:37 PM

lexyand...@gmail.com

Jan 17, 2020, 3:22:49 AM

cabez...@gmail.com

Jan 25, 2020, 7:28:06 PM

11to...@gmail.com

Feb 3, 2020, 1:26:58 PM

miri...@gmail.com

Feb 4, 2020, 12:07:32 AM
On Thursday, May 23, 2019 at 1:34:14 AM UTC-7, Andrea Marchesini wrote:

one...@gmail.com

Feb 11, 2020, 5:41:16 PM

wearepeac...@gmail.com

Feb 14, 2020, 10:33:31 AM
On Thursday, 23 May 2019, 16:34:14 UTC+8, Andrea Marchesini wrote:
?????

amarc...@mozilla.com

Feb 27, 2020, 1:13:30 PM
Hi everyone,

here is something more about cookies sameSite=lax by default.

In order to test this feature properly and to see the level of breakage introduced, we've decided to enable it in nightly.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1604212

This feature is partially covered by web-platform-tests:
https://searchfox.org/mozilla-central/source/testing/web-platform/tests/cookies/samesite-none-secure
https://searchfox.org/mozilla-central/source/testing/web-platform/tests/cookies/samesite

As you know, Chrome is already rolling out this feature: it's active for 1% of their population.

I filed a meta bug to collect breakages - https://bugzilla.mozilla.org/show_bug.cgi?id=1618610

francoel...@gmail.com

Feb 29, 2020, 8:15:53 AM
I know you are liars and the carabinieri will find you out soon

F R A N C I S

Mar 2, 2020, 2:30:15 AM
On Thursday, 23 May 2019, 4:34:14 (UTC-4), Andrea Marchesini wrote:

kolony...@gmail.com

Mar 5, 2020, 3:45:17 PM
On Thursday, 23 May 2019 at 11:34:14 UTC+3, Andrea Marchesini wrote:

yucaga...@gmail.com

Mar 6, 2020, 1:42:40 PM
hey guys
don't take my google away from me
please

gabim...@gmail.com

Mar 9, 2020, 2:01:10 PM
On Thursday, 23 May 2019 at 11:34:14 UTC+3, Andrea Marchesini wrote:

thale...@gmail.com

Mar 11, 2020, 8:03:27 PM
oooooooo aai mi pklasereeeee
3wwre33gtr
h23tytgm

gard...@gmail.com

Mar 31, 2020, 7:53:10 AM
On Thursday, May 23, 2019 at 4:34:14 AM UTC-4, Andrea Marchesini wrote:
who do we blame this one on ladies no one wants the truth for some reason

kyle.bl...@gmail.com

Mar 31, 2020, 2:38:50 PM

bb08...@gmail.com

Apr 7, 2020, 11:10:46 PM
Add me. Hhhh

tysoo...@gmail.com

Apr 11, 2020, 9:32:10 AM
On Thursday, 23 May 2019, at 13:04:14 (UTC+4:30), Andrea Marchesini wrote:

maksga...@gmail.com

Apr 13, 2020, 12:40:43 PM