Implement the `SameSite` cookie attribute
Originator: DanFabulich
Number: rdar://27196358
Date Originated: 2016-07-06
Status:
Resolved:
Product: Safari
Product Version:
Classification: Feature (New)
Reproducible: Not Applicable
https://bugs.webkit.org/show_bug.cgi?id=159464

https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site defines a `SameSite` cookie attribute which allows servers to mitigate the risk of cross-site request forgery attacks, as well as some kinds of cross-origin information leakage.

Chrome shipped this feature in 51 (https://bugs.chromium.org/p/chromium/issues/detail?id=459154#c32), Firefox is working on an implementation (https://bugzilla.mozilla.org/show_bug.cgi?id=795346). It would be lovely if WebKit could do the same.