Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

wrong description about SameSite: None #15893

Closed
yin1999 opened this issue May 11, 2022 · 1 comment · Fixed by #15902
Closed

wrong description about SameSite: None #15893

yin1999 opened this issue May 11, 2022 · 1 comment · Fixed by #15902
Assignees
@yin1999
Labels
Content:HTTP HTTP docs

Comments

@yin1999
Copy link
Member

yin1999 commented May 11, 2022
edited
Loading

MDN URL

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite

What specific section or headline is this issue about?

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#none

What information was incorrect, unhelpful, or incomplete?

The description is: Cookies will be sent in all contexts, i.e. in responses to both first-party and cross-origin requests, but I think it should be cross-site not cross-origin (the port in origin doesn't matter).

It's about the discussion I'vs made in mdn/translated-content#3096. I've made a test. And found that:

  • Strict: the cookie was sent only in first-party, and it will not be sent when we jump into first-party site from a third-party site (only the jump request)
  • Lax: the cookie was sent only in first-party, but different with Strict, it will be sent when we jump into first-party site from a third-party site
  • None: the cookie was sent when we are in the third-party, when the third-party site has refer some resources (images, etc) that are from the site which owns those cookie.

What did you expect to see?

This description should be Cookies will be sent in all contexts, i.e. in responses to both first-party and cross-site requests

If it's ok, I'd like to deal with this.

Do you have any supporting links, references, or citations?

Do you have anything more you want to share?

No response

MDN metadata

Page report details
@github-actions github-actions bot added the needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. label May 11, 2022
@yin1999 yin1999 mentioned this issue May 11, 2022
Merged
@sideshowbarker
Copy link
Member

If it's ok, I'd like to deal with this.

Yes, please

@sideshowbarker sideshowbarker added Content:HTTP HTTP docs and removed needs triage Triage needed by staff and/or partners. Automatically applied when an issue is opened. labels May 11, 2022
@yin1999 yin1999 mentioned this issue May 11, 2022
Merged
1 task
@yin1999 yin1999 mentioned this issue Jul 12, 2022
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@yin1999 yin1999

Labels
Content:HTTP HTTP docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

correct the description about SameSite: None
2 participants
@sideshowbarker @yin1999