1 Reply
      Latest reply on Feb 14, 2020 1:58 AM by eskimo
      David Westcott Level 1 Level 1 (0 points)

        Google are starting to enforce stricter cookie handling in Chrome 80 next week. In researching this change it appears iOS 12 and below and macOS 10.14 and below have a core networking issue that prevents proper handling of the "Samesite=none" cookie attribute.

         

        It's reported that older versions of CFNetwork/Safari/Webkit erroneously handle "Samesite=none" as the equivalent of "Samesite=strict". This might have big consequences as web service providers start using the Samesite attribute more widely.

         

        There are details in the Webkit bug 198181 (now resolved) thread here: https://bugs.webkit.org/show_bug.cgi?id=198181

         

        Part way down is a reference to a CFNetwork/NSHTTPCookie fix for this issue under rdar://problem/42290578.

         

        However, other comments indicate that this fix is unlikely to be back ported to previous macOS & iOS versions.

         

         

        Does anyone have a definitive answer as to whether iOS 11/12 and macOS 10.13/10.14 will recieve a fix for the cookie Samesite handling issue?

        • Re: CFNetwork not handling cookie attribute "SameSite=none" correctly  in macOS <10.15
          eskimo Apple Staff Apple Staff (12,975 points)

          Does anyone have a definitive answer as to whether iOS 11/12 and macOS 10.13/10.14 will recieve a fix for the cookie Samesite handling issue?

          You generally won’t get an answer to questions like this on DevForums.  Those folks who don’t know, including myself, can only speculate.  And any Apple folks who do know won’t make announcements like that here.

          My experience is that Apple only ships software updates for old iOS versions to deal with critical security problems.  Given that, I’d be very surprised if there was fix for this for pre-iOS 13 releases.

          Software updates for old Mac releases have a little more latitude.  If you’d like to see this bug fix (r. 42290578) on older macOS releases, you should file your own bug report requesting that.

          Please post your bug number, just for the record.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"