Post

Replies

Boosts

Views

Activity

CFNetwork not handling cookie attribute "SameSite=none" correctly in macOS <10.15
Google are starting to enforce stricter cookie handling in Chrome 80 next week. In researching this change it appears iOS 12 and below and macOS 10.14 and below have a core networking issue that prevents proper handling of the "Samesite=none" cookie attribute.It's reported that older versions of CFNetwork/Safari/Webkit erroneously handle "Samesite=none" as the equivalent of "Samesite=strict". This might have big consequences as web service providers start using the Samesite attribute more widely.There are details in the Webkit bug 198181 (now resolved) thread here: https://bugs.webkit.org/show_bug.cgi?id=198181Part way down is a reference to a CFNetwork/NSHTTPCookie fix for this issue under rdar://problem/42290578.However, other comments indicate that this fix is unlikely to be back ported to previous macOS &amp;amp;amp; iOS versions.Does anyone have a definitive answer as to whether iOS 11/12 and macOS 10.13/10.14 will recieve a fix for the cookie Samesite handling issue?
11
0
8.0k
Feb ’20