Hi Mike – FYI I turned this into a TAG issue here
https://github.com/w3ctag/spec-reviews/issues/114 and we will discuss and
assign this week at our f2f. Dan
On Fri, Mar 25, 2016 at 9:37 AM Mike West <mkwst@google.com> wrote:
> Hello, lovely TAG enthusiasts.
>
> The last few times I've visited with y'all, we've chatted a bit about
> upcoming changes to cookies. I'd like to draw your attention to one in
> particular, as Alex suggested that it might be relevant to some discussions
> you're having regarding the same-origin policy.
>
> We're planning on shipping a `SameSite` attribute (née "First-Party-Only"
> (née "First-Party")) in Chrome ~51 that aims to address CSRF and
> information leakage attacks. I'm pretty excited about it, and folks at
> Mozilla seem equally interested:
>
> Spec: https://tools.ietf.org/html/draft-west-first-party-cookies
>
> Intent to Ship:
> https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg
>
> Feedback from y'all on this feature or others that you might be interested
> in seeing would be totally welcome.
>
> Thanks!
>
> -mike
>