geckodriver icon indicating copy to clipboard operation
geckodriver copied to clipboard

Published 20 hours ago verified publisher icon mozilla

Should not set SameSite Cookie when secure is false

Open titusfortner opened this issue 4 years ago • 1 comments

System

  • Version: 0.29
  • Platform: Mac
  • Firefox: 84.0.2
  • Selenium: 4 alpha

According to the spec:

If the cookie's "same-site-flag" is "None", abort these steps and ignore the cookie entirely unless the cookie's secure-only- flag is true.

Except this is not the current behavior:

2021-02-04 22:31:45 INFO Selenium -> POST session/b6180926-1817-b04d-9911-6d13bbb0aa38/url
2021-02-04 22:31:45 INFO Selenium    >>> {"url":"http://watir.com"}
2021-02-04 22:31:46 INFO Selenium <- {"value":null}
2021-02-04 22:31:46 INFO Selenium -> POST session/b6180926-1817-b04d-9911-6d13bbb0aa38/cookie
2021-02-04 22:31:46 INFO Selenium    >>>  {"cookie":{"name":"samesite","value":"None","secure":false,"sameSite":"None"}}
2021-02-04 22:31:46 INFO Selenium <- {"value":null}

titusfortner avatar Feb 05 '21 04:02 titusfortner

So it looks like webdriver spec says I should only be setting "Secure" or "Lax" and that "None" is what happens when neither of those are set. I'm guessing the cookie spec has to do with how Firefox itself implements its defaults?

titusfortner avatar May 08 '22 00:05 titusfortner