Email or username:

Password:

Forgot your password?
Top-level
Simon Willison

@jyasskin sadly that doesn’t cover the deeper issue of what happens if you send set-cookie without a SameSite attribute at all - or weird undocumented edge-cases like what changes if a Safari user turns on “Prevent Cross-Site Tracking”

1 comment
Jeffrey Yasskin

@simon My understanding of "Defaults to Lax" is that it's a description of what happens "if you send set-cookie without a SameSite attribute at all", but I admit that I don't know what the maintainers are actually testing when they update this entry, and I can't find any documentation that says explicitly.

+1 that user settings are much less evenly covered, although there's a field for it in the data format that's used for the Firefox setting: github.com/mdn/browser-compat-.

@simon My understanding of "Defaults to Lax" is that it's a description of what happens "if you send set-cookie without a SameSite attribute at all", but I admit that I don't know what the maintainers are actually testing when they update this entry, and I can't find any documentation that says explicitly.

Go Up