Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default value of SameSite #36931

Open
gsnedders opened this issue Nov 22, 2024 · 3 comments · May be fixed by #36862
Open

Default value of SameSite #36931

gsnedders opened this issue Nov 22, 2024 · 3 comments · May be fixed by #36862
Assignees
@hamishwillee
Labels
Content:HTTP HTTP docs goal: completeness (Experiment label) Issues about content missing important/relevant details.

Comments

@gsnedders
Copy link

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

What specific section or headline is this issue about?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

What information was incorrect, unhelpful, or incomplete?

Lax: […] This is the default behavior if the SameSite attribute is not specified.

What did you expect to see?

Something about how the default behaviour varies between browsers.

Do you have any supporting links, references, or citations?

https://bugzilla.mozilla.org/show_bug.cgi?id=1618610#c17:

We won't be shipping samesitelax by default, so all of this breakage bugs can also be closed.

https://bugzilla.mozilla.org/show_bug.cgi?id=1617609#c23:

I think we can WONTFIX this

Do you have anything more you want to share?

No response

MDN metadata

Page report details
@gsnedders gsnedders added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label Nov 22, 2024
@github-actions github-actions bot added the Content:HTTP HTTP docs label Nov 22, 2024
@hamishwillee hamishwillee removed the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label Nov 24, 2024
@hamishwillee hamishwillee self-assigned this Nov 24, 2024
@hamishwillee
Copy link
Collaborator

hamishwillee commented Nov 25, 2024
edited
Loading

Thanks @gsnedders . MDN documents the spec and deviations from the spec are supposed to be caught by the compatibility data section. That is a policy of MDN, and is happening here:

image

Given Firefox is now saying this won't be adopted, I'm kind of interested to find out what, if anything, is happening to the spec https://bugzilla.mozilla.org/show_bug.cgi?id=1617609#c25
Depending on the answer I'll put the defaults for FF and iOS in the browser compat data.

Depending on the responses I may also add a note they might be different. I don't want to because the policy to put this in the browser data exists for a reason. But I can see it would be very easy to miss in this case.

@bsmth
Copy link
Member

bsmth commented Nov 25, 2024

Depending on the responses I may also add a note they might be different

Jumping in to say +1 to adding some info in the SameSite=Lax DL, pointing to the compat data, especially given default behavior if not specified.

@bsmth bsmth linked a pull request Nov 28, 2024 that will close this issue
chore(http): Refresh headers ~[s->x] #36862
Open
@hamishwillee
Copy link
Collaborator

FYI @bsmth is sorting this out in this bit #36862 (comment)

@caugner caugner added the goal: completeness (Experiment label) Issues about content missing important/relevant details. label Dec 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hamishwillee hamishwillee

Labels
Content:HTTP HTTP docs goal: completeness (Experiment label) Issues about content missing important/relevant details.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore(http): Refresh headers ~[s->x] bsmth/content
4 participants
@gsnedders @caugner @hamishwillee @bsmth