Bug 257845

Summary: SameSite=None cookies are rejected unless the Secure attribute is set. Differences with other browsers
Product: WebKit Reporter: Karl Dubost <karlcow>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: achristensen, cbilling, webkit-bug-importer, wilander, youennf
Priority: P2 Keywords: BrowserCompat, InRadar, WPTImpact
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
URL: https://samesite-sandbox.glitch.me
See Also: https://bugs.webkit.org/show_bug.cgi?id=255524

Description Karl Dubost 2023-06-07 22:27:54 PDT 
Steps to reproduce: 

1. Go to https://samesite-sandbox.glitch.me

See differences in between Safari, Firefox Nightly and Chrome Canary

2. Go to https://samesitetest.com/

See differences in between Safari, Firefox Nightly and Chrome Canary

It would be good to figure out the differences and how it impacts web compatibility. 


Maybe that would explain some of the issues detected in the comments of Bug 255524


But this one seems to be an obvious one.
https://wpt.fyi/results/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html?label=master&label=experimental&aligned&q=samesite

Also 
https://wpt.fyi/results/cookies/samesite?label=master&label=experimental&aligned&q=samesite
Comment 1 Radar WebKit Bug Importer 2023-06-07 22:28:04 PDT 
<rdar://problem/110442616>