
FYI: Same-site cookies.

From: Mike West <mkwst@google.com>
Date: Fri, 25 Mar 2016 10:30:58 +0100
Message-ID: <CAKXHy=ewamnHAYfozCPxaKVYrVhA88ys=NQu6V8UpmP8hSQWpw@mail.gmail.com>
To: "www-tag@w3.org List" <www-tag@w3.org>
Cc: Alex Russell <slightlyoff@google.com>, Mark Nottingham <mnot@mnot.net>

Hello, lovely TAG enthusiasts.

The last few times I've visited with y'all, we've chatted a bit about
upcoming changes to cookies. I'd like to draw your attention to one in
particular, as Alex suggested that it might be relevant to some discussions
you're having regarding the same-origin policy.

We're planning on shipping a `SameSite` attribute (née "First-Party-Only"
(née "First-Party")) in Chrome ~51 that aims to address CSRF and
information leakage attacks. I'm pretty excited about it, and folks at
Mozilla seem equally interested:

Spec: https://tools.ietf.org/html/draft-west-first-party-cookies

Intent to Ship:
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg

Feedback from y'all on this feature or others that you might be interested
in seeing would be totally welcome.

Thanks!

-mike
Received on Friday, 25 March 2016 09:31:46 UTC
