search

alexedwards / scs

HTTP Session Management for Go
MIT License
2.02k stars 165 forks source link

support partitioned CHIPS cookies #183

Open gregwebs opened 8 months ago

gregwebs commented 8 months ago

Chrome warns about cross-domain cookies.

Cookie set in cross-site context will be blocked in future Chrome versions
In a future version of the browser, cookies marked with SameSite=None; Secure and not Partitioned will be blocked in cross-site context. This behavior protects user data from cross-site tracking.

The go standard library doesn't yet support this, but in the end a cookie is just a simple header that SCS could append to.

alexedwards commented 8 months ago

I'd be happy to add this, but I'm wary of changing the public API of the SessionCookie type until we know exactly what the implementation will look like in net/http. Let's keep this issue open, but label it as blocked for now.

papidb commented 2 months ago

Hi @alexedwards is there a way to set this using the library?