Default value of SameSite #36931

Open
gsnedders opened this issue Nov 22, 2024 · 2 comments

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie

What specific section or headline is this issue about?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie#samesitesamesite-value

What information was incorrect, unhelpful, or incomplete?

Lax: […] This is the default behavior if the SameSite attribute is not specified.

What did you expect to see?

Something about how the default behaviour varies between browsers.

Do you have any supporting links, references, or citations?

https://bugzilla.mozilla.org/show_bug.cgi?id=1618610#c17:

We won't be shipping samesitelax by default, so all of this breakage bugs can also be closed.

https://bugzilla.mozilla.org/show_bug.cgi?id=1617609#c23:

I think we can WONTFIX this

Do you have anything more you want to share?

No response

gsnedders added the needs triage label Nov 22, 2024
github-actions bot added the Content:HTTP label Nov 22, 2024
hamishwillee removed the needs triage label Nov 24, 2024
hamishwillee self-assigned this Nov 24, 2024

hamishwillee commented Nov 25, 2024

Thanks @gsnedders. MDN documents the spec, and deviations from the spec are supposed to be caught by the compatibility data section. That is a policy of MDN, and is happening here:

image

Given Firefox is now saying this won't be adopted, I'm kind of interested to find out what, if anything, is happening to the spec https://bugzilla.mozilla.org/show_bug.cgi?id=1617609#c25
Depending on the answer I'll put the defaults for FF and iOS in the browser compat data.

Depending on the responses I may also add a note they might be different. I don't want to because the policy to put this in the browser data exists for a reason. But I can see it would be very easy to miss in this case.

bsmth commented Nov 25, 2024

Depending on the responses I may also add a note they might be different

Jumping in to say +1 to adding some info in the SameSite=Lax DL, pointing to the compat data, especially given default behavior if not specified.
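
Since the thread's point is that the behaviour when SameSite is omitted differs between browsers, a server-side audit can flag cookies that leave it to the default. The following is an added example, not code from this issue, MDN or any browser; the function names and the sample headers are constructed for illustration, and treating an unrecognised value as default handling is an assumption based on the cookie spec draft.

```javascript
// Added example: find cookies whose cross-site behaviour is left to the
// browser's SameSite default. All header values below are constructed.
const RECOGNISED = new Set(["strict", "lax", "none"]);

// Split one Set-Cookie header value into the cookie name and a map of
// lower-cased attribute names to trimmed values ("" for flag attributes).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(";");
  const eq = pair.indexOf("=");
  const name = (eq === -1 ? pair : pair.slice(0, eq)).trim();
  const attrs = new Map();
  for (const part of rest) {
    const i = part.indexOf("=");
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? "" : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

// "explicit": a recognised SameSite value is present.
// "browser-default": the attribute is missing, or its value is unrecognised
// (assumption: unknown values are handled like a missing attribute).
function auditSameSite(header) {
  const { name, attrs } = parseSetCookie(header);
  if (!attrs.has("samesite")) {
    return { name, status: "browser-default", reason: "missing" };
  }
  const value = attrs.get("samesite").toLowerCase();
  if (!RECOGNISED.has(value)) {
    return { name, status: "browser-default", reason: "unrecognised value" };
  }
  return { name, status: "explicit", reason: value };
}

// Names of the cookies in one response that rely on the browser default.
function cookiesRelyingOnDefault(headers) {
  return headers
    .map(auditSameSite)
    .filter((r) => r.status === "browser-default")
    .map((r) => r.name);
}

const sampleHeaders = [ // constructed sample input
  "session=abc123; Path=/; HttpOnly; Secure",
  "prefs=dark; Path=/; SameSite=Lax",
  "track=1; samesite=NONE; Secure",
  "csrf=xyz; SameSite=Relaxed; Secure",
];
console.log(cookiesRelyingOnDefault(sampleHeaders));
```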
