Closed aholmn closed 3 years ago
In latest chrome the new default is LAX when its left out.
OK for future reference https://www.chromestatus.com/feature/5088147346030592 has the details.
Does it make sense, because else you wont be able to get Samesite=None in later versions of chrome, which will make it impossible to make POST request with cookies for example in an iframe to another domain.
Yes the PR is fine, not counting the whitespace. I'm currently busy with Gun so I'll merge when I get back to Cowboy/Cowlib matters.
Merged, thanks!
Why?
Also even if the value
none
was allowed, nothing should be sent, because sending nothing is the same as sending "None" or any other value that's different from "Strict" or "Lax". See https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html#the-samesite-attribute