Bug 257845 - SameSite=None cookies are rejected unless the Secure attribute is set. Differences with other browsers
Summary: SameSite=None cookies are rejected unless the Secure attribute is set. Differ...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL: https://samesite-sandbox.glitch.me
Keywords: BrowserCompat, InRadar, WPTImpact
Depends on:
Blocks:
 
Reported: 2023-06-07 22:27 PDT by Karl Dubost
Modified: 2023-06-12 16:07 PDT (History)
5 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karl Dubost 2023-06-07 22:27:54 PDT 
Steps to reproduce: 

1. Go to https://samesite-sandbox.glitch.me

See differences in between Safari, Firefox Nightly and Chrome Canary

2. Go to https://samesitetest.com/

See differences in between Safari, Firefox Nightly and Chrome Canary

It would be good to figure out the differences and how it impacts web compatibility. 


Maybe that would explain some of the issues detected in the comments of Bug 255524


But this one seems to be an obvious one.
https://wpt.fyi/results/cookies/samesite-none-secure/cookies-without-samesite-must-be-secure.https.html?label=master&label=experimental&aligned&q=samesite

Also 
https://wpt.fyi/results/cookies/samesite?label=master&label=experimental&aligned&q=samesite
Comment 1 Radar WebKit Bug Importer 2023-06-07 22:28:04 PDT 
<rdar://problem/110442616>