content
content copied to clipboard
mdn
fix: Correct interpretation of SameSite=strict
Description
In the Set-Cookie documentation, the explanation for SameSite=Strict is inaccurate.
The specification for SameSite=Strict adds two restrictions base on Lax restriction,but rel=prerender had deprecated,Therefore, there is only one restriction: top-level navigation scene.
Document address:https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-cookie-same-site-00#section-4.1.1
Motivation
Additional details
Related issues and pull requests
Preview URLs
(comment last updated: 2024-07-12 13:42:36)
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
Thanks for the suggestion! I'm inclined to keep the original here as I think it's more accurate. Even though rel=prerender is deprecated, it's used as an example (of a category of attack*) that SameSite=Lax won't prevent, so this doesn't change the definition of SameSite=Strict, IMO. I'm going to close this one, but if you think I've made a mistake, please let me know! Thank you :)
