Posted to notifications@couchdb.apache.org by GitBox <gi...@apache.org> on 2020/01/10 08:24:26 UTC

[GitHub] [couchdb] willholley commented on issue #2221: Cookie from cross-site without SameSite attribute

URL: https://github.com/apache/couchdb/issues/2221#issuecomment-572925874
 
 
   I think the implication is that it will break CORS support, which must specify `SameSite=None; Secure` to continue being passed by Chrome. The default behaviour shouldn't break most CouchDB use cases but we could do better by setting `SameSite=Strict`. 
   
   We may also need a way to handle legacy clients, which is a bit [messy](https://web.dev/samesite-cookie-recipes/#handling-incompatible-clients). @rnewson it looks like you added the `SameSite` support to MochiWeb. Do you have more considered thoughts on this?

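The attribute choices discussed in the comment above, as an added example that is not part of the original comment and is not CouchDB or MochiWeb code. The function names, the `AuthSession` cookie name and the `-legacy` suffix are assumptions for illustration; the twin-cookie fallback is one way to serve clients that mishandle `SameSite=None`.

```python
from http.cookies import SimpleCookie


def session_set_cookie_headers(value, cors_enabled, legacy_fallback=False,
                               name="AuthSession"):
    """Return the Set-Cookie header values for one session token.

    name, the "-legacy" suffix and this function are hypothetical.
    """
    base = f"{name}={value}; Path=/; HttpOnly"
    if not cors_enabled:
        # Same-site deployment: the cookie never has to travel cross-site,
        # so the strictest setting costs nothing.
        return [base + "; SameSite=Strict"]
    # Cross-site (CORS) use: Chrome only keeps sending the cookie when it is
    # explicitly SameSite=None and also Secure.
    headers = [base + "; Secure; SameSite=None"]
    if legacy_fallback:
        # Twin cookie without the attribute for clients that reject or
        # misread SameSite=None. It stays Secure and HttpOnly.
        headers.append(f"{name}-legacy={value}; Path=/; HttpOnly; Secure")
    return headers


def read_session(cookie_header, name="AuthSession"):
    """Prefer the SameSite-aware cookie, fall back to the legacy twin."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    for key in (name, name + "-legacy"):
        if key in jar:
            return jar[key].value
    return None


if __name__ == "__main__":
    # Constructed sample token, not a real session value.
    for header in session_set_cookie_headers("tok123", cors_enabled=True,
                                             legacy_fallback=True):
        print("Set-Cookie:", header)
    print(read_session("AuthSession-legacy=tok123"))
```
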