
FYI: Same-site cookies.


FYI: Same-site cookies.

Mike West-4
Hello, lovely TAG enthusiasts.

The last few times I've visited with y'all, we've chatted a bit about upcoming changes to cookies. I'd like to draw your attention to one in particular, as Alex suggested that it might be relevant to some discussions you're having regarding the same-origin policy.

We're planning on shipping a `SameSite` attribute (née "First-Party-Only" (née "First-Party")) in Chrome ~51 that aims to address CSRF and information leakage attacks. I'm pretty excited about it, and folks at Mozilla seem equally interested:

Spec: https://tools.ietf.org/html/draft-west-first-party-cookies

Intent to Ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg

Feedback from y'all on this feature or others that you might be interested in seeing would be totally welcome.

Thanks!

-mike

Re: FYI: Same-site cookies.

Daniel Appelquist-4
Hi Mike – FYI I turned this into a TAG issue here https://github.com/w3ctag/spec-reviews/issues/114 and we will discuss and assign this week at our f2f. Dan

On Fri, Mar 25, 2016 at 9:37 AM Mike West <[hidden email]> wrote:
Hello, lovely TAG enthusiasts.

The last few times I've visited with y'all, we've chatted a bit about upcoming changes to cookies. I'd like to draw your attention to one in particular, as Alex suggested that it might be relevant to some discussions you're having regarding the same-origin policy.

We're planning on shipping a `SameSite` attribute (née "First-Party-Only" (née "First-Party")) in Chrome ~51 that aims to address CSRF and information leakage attacks. I'm pretty excited about it, and folks at Mozilla seem equally interested:

Spec: https://tools.ietf.org/html/draft-west-first-party-cookies

Intent to Ship: https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/csCtW3M3-wg

Feedback from y'all on this feature or others that you might be interested in seeing would be totally welcome.

Thanks!

-mike