- From: Ben Kelly <notifications@github.com>
- Date: Tue, 12 Oct 2021 08:47:26 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 12 October 2021 15:47:38 UTC
Well, I'm not sure if "site for cookies" is adequate to populate `origin` and `sec-fetch-site` headers. I guess what you are saying is if we have A frames B1 and then B1 navigates to B2, then SameSite=strict cookies should not be sent for the B2 request. I guess we would need to propagate "site for cookies" as well. I'm not sure how hard that would be implementation-wise, though. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1321#issuecomment-941137796
Received on Tuesday, 12 October 2021 15:47:38 UTC