cookie: SameSite default to Lax (IETF Incrementally Better Cookies)
cookie: Per IETF ongoing efforts for cookie incrementalism (as already released in Chrome 80, Firefox 96), set SameSite default value to Lax.
- https://datatracker.ietf.org/doc/html/draft-west-cookie-incrementalism-00
- https://mikewest.github.io/cookie-incrementalism/draft-west-cookie-incrementalism.html#section-3.1
IETF: "Incrementally Better Cookies" Expected Browser Behavior for cookies
- https://datatracker.ietf.org/doc/html/draft-west-cookie-incrementalism-00
-
https://httpwg.org/http-extensions/draft-ietf-httpbis-rfc6265bis.html and draft (expires 2023)
- Add a default enforcement value to the same-site-flag, equivalent to "SameSite=Lax":
Related:
Edited by Amanda Falke