Please add support of the "SameSite=None" too, not only the "Lax" and "Strict"

madmurphy / cookies.js

Simple cookie framework with full Unicode support

GNU General Public License v3.0

264 stars 54 forks source link

Please add support of the "SameSite=None" too, not only the "Lax" and "Strict" #23

Open Serrin opened 4 years ago

Serrin commented 4 years ago

This will be optional in Chrome.

"Cookies marked SameSite=None should also be marked Secure." https://www.chromestatus.com/feature/5088147346030592

madmurphy commented 4 years ago

Thank you, Serrin. But I think it's too early. The feature is still experimental and browsers' behavior is likely going to change. However I will keep an eye on this feature.

--madmurphy

Serrin commented 4 years ago

Thank you!

Shalelol commented 4 years ago

If you begin work on this. Please pay attention to the backwards compatibility advice provided by chromium here: https://www.chromium.org/updates/same-site/incompatible-clients

I spent some typing this up as I'll need to use this soon. Please note at this point in time this is completely untested: https://gist.github.com/Shalelol/be2a1d1024c4858e8356047677e40b64