Closed inexorabletash closed 4 years ago
Thanks for this issue @inexorabletash
I agree, this requirement to be “secure” during cross-site seems a positive change to move towards usages of more secure cookies.
Created an implementation issue for Chromium here. Although the implementation details may change depending on the outcome of this issue on removing the secure
option and not allowing non-secure. If so, I will update this issue, and the implementation ticket accordingly.
Per https://tools.ietf.org/html/draft-west-cookie-incrementalism-00
This would manifest in the "set a cookie" steps as a check/failure.
Wording depends on the outcome of https://github.com/WICG/cookie-store/issues/102
cc: @chlily1 @oyiptong @pwnall