|
@SimoAhava | |||||
|
An amazingly well written description of the upcoming SameSite cookie enforcement in Chrome 80.
If your org makes use of cross-origin cookie access, you’re running out of time to fix before Feb 4. troyhunt.com/promiscuous-co…
Via @troyhunt
|
||||||
|
||||||
|
John Wilander
@johnwilander
|
4. sij |
|
It’s not cross-origin cookies that are affected, it’s cross-site cookies.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
4. sij |
|
I was hoping no one would notice that
|
||
|
|
||
|
Rogue Photo
@amolitor99
|
4. sij |
|
Boy, remember the good old days when this was gonna be the standard? And when your browser was maybe not gonna run cross-origined code?
Of course, they'll "fix" the cookies, but still run code from wherever, but cookies are more important, right.
|
||
|
|
||
|
Simo Ahava
@SimoAhava
|
4. sij |
|
Also, this is a security move, not a privacy improvement. Cross-site tracking is still unimpeded as vendors can simply flag their trackers as SameSite=None;Secure.
|
||
|
|
||