WebKittens
@annevk
Title of the proposal
Allowing SameSite=None Cookies in First-Party Sandboxed Contexts
URL to the spec
whatwg/html#10915
URL to the spec's repository
https://github.com/whatwg/html
Issue Tracker URL
No response
Explainer URL
https://github.com/explainers-by-googlers/csp-sandbox-allow-same-site-none-cookies
TAG Design Review URL
w3ctag/design-reviews#1004
Mozilla standards-positions issue URL
mozilla/standards-positions#1165
WebKit Bugzilla URL
No response
Radar URL
No response
Description
When third-party cookies (3PC) are blocked by Chrome and Firefox, contexts with the Content-Security-Policy: sandbox header or <iframe> sandbox attribute are no longer able to use SameSite=None cookies. The frame must include the allow-same-origin value to use cookies, which relaxes many security protections including the opaque origin.

We want to restore existing behavior and enable a frame to signal the browser to include SameSite=None cookies in first-party requests from sandboxed frames when 3PC restrictions are active with the allow-same-site-none-cookies value.
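
A small model of the three sandbox configurations the description compares, written as an added example (it is not code from the proposal, the explainer or any browser). The function names and sample headers are hypothetical, and the logic covers only a first-party sandboxed context with 3PC blocking active, as the issue text describes it.

```javascript
// Added illustration: models only the behaviour described in the issue text.
// Function names and sample policies are constructed for this example.

// Return the sandbox tokens of a Content-Security-Policy header value,
// or null when the policy carries no sandbox directive.
function sandboxTokens(cspHeader) {
  for (const directive of cspHeader.split(';')) {
    const [name, ...tokens] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'sandbox') {
      return new Set(tokens.map((t) => t.toLowerCase()));
    }
  }
  return null;
}

// Evaluate a first-party context while third-party cookie blocking is active.
function evaluate(cspHeader) {
  const tokens = sandboxTokens(cspHeader);
  if (tokens === null) {
    // Not sandboxed: the restriction discussed in the issue does not apply.
    return { sandboxed: false, opaqueOrigin: false, sameSiteNoneCookies: true };
  }
  const sameOrigin = tokens.has('allow-same-origin');
  return {
    sandboxed: true,
    // Without allow-same-origin the document keeps its opaque origin.
    opaqueOrigin: !sameOrigin,
    // Cookies are available with allow-same-origin, or with the proposed token.
    sameSiteNoneCookies: sameOrigin || tokens.has('allow-same-site-none-cookies'),
  };
}

// Constructed sample policies, one per configuration.
const SAMPLES = {
  strict: "default-src 'self'; sandbox allow-scripts",
  relaxed: "default-src 'self'; sandbox allow-scripts allow-same-origin",
  proposed: "default-src 'self'; sandbox allow-scripts allow-same-site-none-cookies",
};

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, JSON.stringify(evaluate(header)));
}
```

Only the `proposed` policy yields both an opaque origin and `SameSite=None` cookies, which is the combination the proposal is asking for.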