Security/SameSiteCookies: Difference between revisions
(Add bugs section) |
(Add Spec bugs and tests) |
||
| Line 22: | Line 22: | ||
|} | |} | ||
= Bugs = | = Implementation Bugs = | ||
{| class="wikitable sortable" | {| class="wikitable sortable" | ||
| Line 37: | Line 37: | ||
|- | |- | ||
| {{nbug|1454242}} || Stop relying on NS_IsSameSiteForeign || Christoph || Yes || Yes || Yes | | {{nbug|1454242}} || Stop relying on NS_IsSameSiteForeign || Christoph || Yes || Yes || Yes | ||
|} | |||
= Specification Bugs = | |||
{| class="wikitable" | |||
|- | |||
! Link !! Description !! Assignee !! Done | |||
|- | |||
| [https://github.com/httpwg/http-extensions/pull/574 http-extensions #574] || Inconsistency in handling of invalid attribute values || Francois || Yes | |||
|} | |||
= Tests = | |||
{| class="wikitable sortable" | |||
|- | |||
! Bug !! Description !! Assignee !! In 61 !! In 60 !! Required | |||
|- | |||
| {{nbug|1454605}} || Investigate "WPT" failures || - || No || No || No | |||
|- | |||
| {{nbug|1454721}} || Test about:blank and about:srcdoc || Christoph || '''<font color="red">No</font>''' || '''<font color="red">No</font>''' || Yes | |||
|- | |||
| - || Fix [https://github.com/mikewest/rfc6265-biz rfc6265-biz] invalid attribute tests || - || - || - || No | |||
|} | |} | ||
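Review bot: The last row added to the Tests table, "Fix rfc6265-biz invalid attribute tests", has "-" in the Bug column, so unlike every other row it has no Bugzilla entry to track it. Consider filing a bug and linking it with the {{nbug|...}} template used by the other rows. In the row for bug 1454721, the only item in this table marked Required, the "No" status is flagged with the obsolete <font color="red"> tag; a styled span would carry the same emphasis.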
Revision as of 22:20, 17 April 2018
SameSite is a new cookie attribute which prevents the browser from sending cookies along with cross-site requests and provides a layer of protection against cross-site request forgery attacks.
Implementation
| Bug | Description | Assignee | In 61 | In 60 | Required |
|---|---|---|---|---|---|
| 1286858 | Cookie storage | Mark | Yes | Yes | Yes |
| 1286861 | Pass data via GetCookieString | Christoph | Yes | Yes | Yes |
| 1452496 | Block setting in cross-origin contexts | Christoph | Yes | Yes | Yes |
| 1452699 | Gating pref | Francois | Yes | No | Yes |
| 1454723 | Support for sandboxed iframes | - | - | - | No |
Implementation Bugs
| Bug | Description | Assignee | In 61 | In 60 | Required |
|---|---|---|---|---|---|
| 1430803 | Invalid SameSite attributes | Francois | Yes | Yes | Yes |
| 1453814 | Bypass via redirects | Christoph | Yes | Yes | Yes |
| 1453818 | Bypass in reader mode | Francois | No | No | No |
| 1454027 | Bypass in links within iframes | Christoph | No | No | Yes |
| 1454242 | Stop relying on NS_IsSameSiteForeign | Christoph | Yes | Yes | Yes |
Specification Bugs
| Link | Description | Assignee | Done |
|---|---|---|---|
| http-extensions #574 | Inconsistency in handling of invalid attribute values | Francois | Yes |
Tests
| Bug | Description | Assignee | In 61 | In 60 | Required |
|---|---|---|---|---|---|
| 1454605 | Investigate "WPT" failures | - | No | No | No |
| 1454721 | Test about:blank and about:srcdoc | Christoph | No | No | Yes |
| - | Fix rfc6265-biz invalid attribute tests | - | - | - | No |