http-extensions icon indicating copy to clipboard operation
http-extensions copied to clipboard

Published 20 hours ago verified publisher icon httpwg

Remove consideration of same-site redirect chain

Open sbingler opened this issue 11 months ago • 1 comments

Closes #2104

This PR removes the requirement of checking the request's redirect chain during the computation of same-site-ness.

This is being done because RFC6265bis is blocked by this work but we have yet to find a way to implement it in a web compatible way. In the interest of moving RFC6265bis forward the requirement is being removed.

sbingler avatar Mar 07 '24 16:03 sbingler

The work to re-add the requirement back into RFC6265tris is being track by issue #2751

sbingler avatar Mar 07 '24 16:03 sbingler

It surprises me we didn't implement this. I though we did. :/

Yeah, we did implement this - but we had to back it out (and re-spin stable, IIRC?) because it broke too many sites. :(

miketaylr avatar Mar 13 '24 16:03 miketaylr

Correct, Chrome had to disable the change. Firefox had a similar experience.

sbingler avatar Mar 13 '24 17:03 sbingler