Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FF131 Secure attr must be set if SameSite=None #24275

Merged
merged 4 commits into from
Oct 3, 2024
Merged

FF131 Secure attr must be set if SameSite=None #24275

merged 4 commits into from
Oct 3, 2024

Conversation

hamishwillee
Copy link
Contributor

@hamishwillee hamishwillee commented Sep 3, 2024
edited
Loading

FF131 enables preference by default such that if SameSite=None the Secure attribute must be set in https://bugzilla.mozilla.org/show_bug.cgi?id=1909673

Unfortunately this required a little more than just replacing the pref subfeature with a version.

The pref was named "secure_context_required", which is incorrect for HTTP headers (it's reasonable for APIs though). The requirement is actually about what headers must be set, so I have renamed this to secure_required_if_none and put a proper description. Could also have moved this below the None option, but I think this level is better.

It would be good if we also had an entry for the Secure attribute, at the same level as HttpOnly. However I do not have support data for that.

Related docs work can be tracked in mdn/content#35697

@github-actions github-actions bot added the data:http Compat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTP label Sep 3, 2024
@hamishwillee hamishwillee mentioned this pull request Sep 3, 2024
Closed
8 tasks
@github-actions github-actions bot added the merge conflicts 🚧 This PR needs to merge latest "main" branch to resolve a merge conflict or other issue. label Sep 10, 2024
@github-actions GitHub Actions
Copy link

This pull request has merge conflicts that must be resolved before it can be merged.

@github-actions github-actions bot removed the merge conflicts 🚧 This PR needs to merge latest "main" branch to resolve a merge conflict or other issue. label Sep 10, 2024
@hamishwillee
Copy link
Contributor Author

@Elchi3 @queengooborg Could I please get a review on this - I did it about a month ago and the release is today.

caugner
caugner approved these changes Oct 2, 2024
View reviewed changes
Copy link
Contributor

@caugner caugner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, but left one comment to consider. Feel free to ignore and merge.

http/headers/Set-Cookie.json Outdated Show resolved Hide resolved
@hamishwillee hamishwillee merged commit 310b58f into mdn:main Oct 3, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@caugner caugner caugner approved these changes

@foolip foolip Awaiting requested review from foolip

@Elchi3 Elchi3 Awaiting requested review from Elchi3

Assignees
No one assigned
Labels
data:http Compat data for HTTP features. https://developer.mozilla.org/docs/Web/HTTP
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hamishwillee @caugner