From 56684365ba41fd2c61a1ec563df43e2693384855 Mon Sep 17 00:00:00 2001
From: Christian Biesinger
Date: Wed, 10 Jul 2024 10:19:37 -0700
Subject: [PATCH] [FedCM] Send SameSite=Lax cookies, in addition to None

See discussion in https://github.com/fedidcg/FedCM/issues/587
This is behind the FedCmSameSiteLax flag for now.
Bug: 350944661
Change-Id: I3e5fe99b98560f680217cd3326ff66d290a5290f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5675433
Reviewed-by: Yi Gu
Commit-Queue: Christian Biesinger
Reviewed-by: Charlie Reis
Cr-Commit-Position: refs/heads/main@{#1325570}
---
 fedcm/support/accounts_check_same_site_strict.py | 1 +
 fedcm/support/token_check_same_site_strict.py | 1 +
 2 files changed, 2 insertions(+)

diff --git a/fedcm/support/accounts_check_same_site_strict.py b/fedcm/support/accounts_check_same_site_strict.py
index 27a5d6a5b3e393b..7bab26d3e9b8eaf 100644
--- a/fedcm/support/accounts_check_same_site_strict.py
+++ b/fedcm/support/accounts_check_same_site_strict.py
@@ -7,6 +7,7 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ # TODO(crbug.com/350944661): We want to send these cookies.
 if request.cookies.get(b"same_site_lax") == b"1":
 return (547, [], "Should not send SameSite=Lax cookies")
 if request.headers.get(b"Sec-Fetch-Site") != b"cross-site":
diff --git a/fedcm/support/token_check_same_site_strict.py b/fedcm/support/token_check_same_site_strict.py
index f030b9b6fd5365b..20bdc5948776263 100644
--- a/fedcm/support/token_check_same_site_strict.py
+++ b/fedcm/support/token_check_same_site_strict.py
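Review bot: The added TODO in accounts_check_same_site_strict.py sits directly above a check that still returns 547 when the `same_site_lax` cookie arrives, so the handler keeps enforcing the opposite of what the comment says is wanted, and the comment gives no condition for flipping it. I would spell that out: `# TODO(crbug.com/350944661): Once FedCmSameSiteLax is on by default, require same_site_lax == b"1" here; SameSite=Strict must still be rejected.` Turning the check into a positive assertion, rather than deleting it, keeps the test pinning exactly which cookie classes are attached to this cross-site request. The identical comment in token_check_same_site_strict.py would take the same wording; `main` starts before this hunk and continues past it.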
@@ -7,6 +7,7 @@ def main(request, response):
 return request_error
 if request.cookies.get(b"same_site_strict") == b"1":
 return (546, [], "Should not send SameSite=Strict cookies")
+ # TODO(crbug.com/350944661): We want to send these cookies.
 if request.cookies.get(b"same_site_lax") == b"1":
 return (547, [], "Should not send SameSite=Lax cookies")