~0.013% of cookies Chrome users received over the last ~month used the `SameSite` attribute to defend against CSRF: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 …
-
Also seriously: how do you expect `SameSite` cookies to work with suborigins? Do they act like subdomains, which are same-site? Or not?
-
Same-site, like subdomains. We could be fancy and consult 'unsafe-cookies' (s-s if present, otherwise cross-site) but it might be overkill.
-
Also, I realized @ndm made the same suborigins joke 7 hours earlier... #smh #leadingfrombehind