~0.013% of cookies Chrome users received over the last ~month used the `SameSite` attribute to defend against CSRF: https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00 …
Replying to @mikewest @ivanristic
Have you considered pushing it internally? Much higher Chrome adoption and could be blanket applied to many sites...
Replying to @mik235 @ivanristic
Indeed! Perhaps @arturjanc and his team might be interested in poking at internal products? :)
You know, SameSite cookies would go really well with suborigins...! (more seriously, they're on our radar, but Google is tricky)
Also seriously: how do you expect `SameSite` cookies to work with suborigins? Do they act like subdomains, which are same-site? Or not?
Same-site, like subdomains. We could be fancy and consult 'unsafe-cookies' (s-s if present, otherwise cross-site) but it might be overkill.
Also, I realized @ndm made the same suborigins joke 7 hours earlier... #smh #leadingfrombehind