Re: [whatwg/fetch] SameSite cookies aren't sent on credentialed CORS requests (#769) from Thayne McCombs on 2021-03-11 (public-webapps-github@w3.org from March 2021)

From: Thayne McCombs <notifications@github.com>
Date: Thu, 11 Mar 2021 10:28:30 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/769/796948844@github.com>

> If you squint a bit, this is more or less what I proposed in https://tools.ietf.org/html/draft-west-cookie-samesite-firstparty.

Kind of. Except that it depends on "First party sets" which can only be defined once for the entire site. Whereas my proposal allows more granular control over which domains are allowed to make requests containing each cookie. 

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/769#issuecomment-796948844

Received on Thursday, 11 March 2021 18:28:43 UTC