-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Mention SameSite cookies in accounts fetch #550
base: main
Are you sure you want to change the base?
Conversation
This PR aligns the spec with the Chrome implementation. But there is some feedback that we may need to change the implementation on #587. We can either keep this PR pending the resolution of that or land it and possibly address the changes from that later. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Section 2 ("The Browser API") says that "unpartitioned cookies are included, as if the resource was loaded as a same-origin request, e.g. regardless of the SameSite value". That should probably be updated too?
This PR adds a mention to which cookies ought to be sent in the accounts fetch. Once cookie layering work is done, we can remove this note and properly specify it.
69fdf09
to
5d4f161
Compare
Updated, ptal |
Co-authored-by: Ted Thibodeau Jr <[email protected]>
This PR adds a mention to which cookies ought to be sent in the accounts fetch. Once cookie layering work is done, we can remove this note and properly specify it.
Relevant issue: #609
Preview | Diff