web-platform-tests / wpt

Test suites for Web platform specs — including WHATWG, W3C, and others
https://web-platform-tests.org/

SameSite cookie tests seem to rely on third-party cookies being allowed #36913

Open gsnedders opened 2 years ago

gsnedders commented 2 years ago

See, e.g., these results on wpt.fyi.

"Cross-site fetches are cross-site" fails in Safari with: assert_equals: SameSite=None cookies are always sent. expected (string) "0.17879251053118983" but got (undefined) undefined

This is the expected behaviour in Safari, and is compliant with draft-ietf-httpbis-rfc6265bis-11:

While this document does not endorse or require a specific approach, it is RECOMMENDED that user agents adopt a policy for third-party cookies that is as restrictive as compatibility constraints permit. Consequently, resources cannot rely upon third-party cookies being treated consistently by user agents for the foreseeable future.

johnwilander commented 2 years ago

Thanks for filing, Sam! Ping @mikewest.

mikewest commented 2 years ago

I agree that we should probably update these tests to accept a broader range of reasonable results. It would likely be a good idea to incorporate storage access API tests here as well to validate behavior for those browsers that block by default but enable after a prompt.

Do y'all have concrete suggestions for changes?
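
One shape the broader acceptance discussed in this thread could take for the cross-site fetch case, as an added example that is not part of the thread and not WPT's own helper code. The function name, cookie names and sample values are assumptions made for illustration.

```javascript
// Added illustration; not WPT's cookie helper. Names below are hypothetical.
const COOKIE_NAMES = {
  strict: 'samesite_strict', // assumed cookie set with SameSite=Strict
  lax: 'samesite_lax',       // assumed cookie set with SameSite=Lax
  none: 'samesite_none',     // assumed cookie set with SameSite=None; Secure
};

// `cookies` is the name -> value map a cross-site endpoint echoed back for a
// subresource fetch. `expectedValue` is the random value this test run set.
function checkCrossSiteFetch(expectedValue, cookies) {
  const failures = [];

  // Strict and Lax cookies must never accompany a cross-site subresource fetch.
  for (const key of ['strict', 'lax']) {
    const name = COOKIE_NAMES[key];
    if (cookies[name] !== undefined) {
      failures.push(`${name} was sent on a cross-site fetch`);
    }
  }

  // SameSite=None: sending it and blocking it are both acceptable outcomes,
  // but a cookie that is present must carry the value this run set.
  const none = cookies[COOKIE_NAMES.none];
  let policy;
  if (none === undefined) {
    policy = 'third-party-cookies-blocked';
  } else {
    policy = 'third-party-cookies-allowed';
    if (none !== expectedValue) {
      failures.push(`${COOKIE_NAMES.none} has unexpected value "${none}"`);
    }
  }
  return { ok: failures.length === 0, policy, failures };
}

// Constructed observations, one per user-agent policy plus one real failure.
const value = '0.25'; // constructed stand-in for the test's random value
console.log(checkCrossSiteFetch(value, { samesite_none: value }));
console.log(checkCrossSiteFetch(value, {}));
console.log(checkCrossSiteFetch(value, { samesite_lax: value }));
```

Returning the observed policy alongside the verdict lets a results dashboard distinguish "blocked by default" from "allowed" instead of recording the former as a failure.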