ninenines / cowlib

Support library for manipulating Web protocols.
ISC License

Accept setting samesite to none #105

Closed aholmn closed 3 years ago

essen commented 4 years ago

Why?

Also even if the value none was allowed, nothing should be sent, because sending nothing is the same as sending "None" or any other value that's different from "Strict" or "Lax". See https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#the-samesite-attribute

aholmn commented 4 years ago

In the latest Chrome the new default is Lax when it's left out.

essen commented 4 years ago

OK, for future reference, https://www.chromestatus.com/feature/5088147346030592 has the details.

aholmn commented 4 years ago

Does it make sense? Because otherwise you won't be able to get SameSite=None in later versions of Chrome, which will make it impossible to make POST requests with cookies, for example in an iframe to another domain.

essen commented 4 years ago

Yes the PR is fine, not counting the whitespace. I'm currently busy with Gun so I'll merge when I get back to Cowboy/Cowlib matters.

essen commented 3 years ago

Merged, thanks!
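
The point settled in the thread (current Chrome treats an omitted attribute as Lax, so `SameSite=None` has to be sent explicitly) shown as an added example; it is not cowlib's code and not part of the PR. The module and function names are hypothetical, and the serializer also refuses `none` without `secure`, since Chrome rejects such cookies.

```erlang
%% Added example: a stand-alone module, not cowlib code.
-module(samesite_example).
-export([set_cookie/3, demo/0]).

%% Build a Set-Cookie header value. Opts is a map with optional keys
%% path, secure, http_only and same_site (strict | lax | none).
%% Leaving same_site out emits no attribute at all, which current
%% Chrome treats as Lax, so cross-site use needs an explicit none.
-spec set_cookie(iodata(), iodata(), map()) -> binary().
set_cookie(Name, Value, Opts) ->
    Secure = maps:get(secure, Opts, false),
    SameSite = case maps:find(same_site, Opts) of
        error -> <<>>;
        {ok, strict} -> <<"; SameSite=Strict">>;
        {ok, lax} -> <<"; SameSite=Lax">>;
        %% Chrome rejects SameSite=None on a cookie without Secure,
        %% so fail at build time instead of losing the cookie silently.
        {ok, none} when Secure -> <<"; SameSite=None">>;
        {ok, none} -> error({badarg, samesite_none_requires_secure})
    end,
    iolist_to_binary([
        Name, <<"=">>, Value,
        case maps:find(path, Opts) of
            {ok, Path} -> [<<"; Path=">>, Path];
            error -> []
        end,
        [<<"; Secure">> || Secure],
        [<<"; HttpOnly">> || maps:get(http_only, Opts, false)],
        SameSite
    ]).

%% Constructed sample values: a default cookie, a cross-site cookie,
%% and the error reason returned for none without secure.
demo() ->
    Default = set_cookie(<<"sid">>, <<"abc123">>, #{path => <<"/">>}),
    Cross = set_cookie(<<"sid">>, <<"abc123">>,
        #{path => <<"/">>, secure => true, http_only => true,
          same_site => none}),
    Rejected = try set_cookie(<<"sid">>, <<"abc123">>, #{same_site => none})
        catch error:Reason -> Reason end,
    [Default, Cross, Rejected].
```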