SameSite is a new cookie attribute which prevents the browser from sending cookies along with cross-site requests and provides a layer of protection against cross-site request forgery attacks.
Implementation
Bug | Description | Assignee | In 61 | In 60 | Required
1286858 | Cookie storage and attribute parsing | Mark | Yes | Yes | Yes
1286861 | Pass data via GetCookieString | Christoph | Yes | Yes | Yes
1452496 | Block setting in cross-origin contexts | Christoph | Yes | Yes | Yes
1452699 | Gating pref | Francois | Yes | Yes | Yes
Implementation Bugs
Bug | Description | Assignee | In 61 | In 60 | Required
1430803 | Invalid SameSite attributes | Francois | Yes | Yes | Yes
1453814 | Bypass via redirects | Christoph | Yes | Yes | Yes
1453818 | Bypass in reader mode | Francois | Yes | Yes | No
1454027 | Bypass in links within iframes | Christoph | Yes | Yes | Yes
1454242 | Stop relying on NS_IsSameSiteForeign | Christoph | Yes | Yes | Yes
1454723 | Handle sandboxed iframes correctly | - | - | - | No
1454914 | Don't treat WebExtensions load as foreign | Christoph | Yes | Yes | Yes
1455174 | Inconsistency with drag n' drop | - | - | - | No
1455342 | Bypass via Save As | - | - | - | No
1456106 | Bypass via Flash | - | - | - | No
1456652 | Reader mode bypass | Gijs | Yes | - | No
Specification Bugs
Link | Description | Assignee | Done
http-extensions #574 | Inconsistency in handling of invalid attribute values | Francois | Yes
Tests
Bug | Description | Assignee | In 61 | In 60 | Required
1454605 | Investigate "WPT" failures | - | - | - | No
1454721 | Test about:blank and about:srcdoc | Christoph | Yes | - | No
1455162 | Test about: URLs with and without same-site.enabled | Francois | Yes | - | No
1455406 | Convert test_same_site_cookies_webextension to an xpcshell test | - | - | - | No
1456407 | Test meta refresh | Yes | - | - | No
1456408 | Test redirected top-level pages | - | - | - | No
- | Fix rfc6265-biz invalid attribute tests | - | - | - | No
Developer Documentation
Link | Description | Assignee | Done
1452715 | Devtools side-panel | - | No
1454781 | Console warning | - | No
2018-04-24 | Announcement blog post | - | Yes