Re: [whatwg/fetch] SameSite cookies aren't sent on credentialed CORS requests (#769) from arturjanc on 2019-01-31 (public-webapps-github@w3.org from January 2019)

From: arturjanc <notifications@github.com>
Date: Thu, 31 Jan 2019 07:26:50 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/769/459385475@github.com>

One possible workaround is to use two authentication cookies, one regular and one marked as `SameSite`. On most endpoints your authentication code would require both cookies to be present, but for requests to endpoints which expect CORS requests you could only authenticate the user with the regular, non-SameSite cookie.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/769#issuecomment-459385475

Received on Thursday, 31 January 2019 15:27:11 UTC