You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
SameSite=strict cookies are only sent for requests from a first-party context. SameSite=lax cookies are sent for first-party requests, as well as for top-level navigations. If you use only a single cookie then it probably needs to be SameSite=lax to support navigating to a site from a third-party site or email link (Gmail wraps all links in a redirect through a URL checker).
I wondered if it could be good for a new option in wrap-session to set and read two kinds of cookies? ring-session-safe; SameSite=lax which would be used for GET/HEAD requests, and ring-session-unsafe; SameSite=strict which would be used for PUT/POST/DELETE/PATCH requests.
The text was updated successfully, but these errors were encountered:
SameSite=strict cookies are only sent for requests from a first-party context. SameSite=lax cookies are sent for first-party requests, as well as for top-level navigations. If you use only a single cookie then it probably needs to be SameSite=lax to support navigating to a site from a third-party site or email link (Gmail wraps all links in a redirect through a URL checker).
I wondered if it could be good for a new option in
wrap-sessionto set and read two kinds of cookies?ring-session-safe; SameSite=laxwhich would be used for GET/HEAD requests, andring-session-unsafe; SameSite=strictwhich would be used for PUT/POST/DELETE/PATCH requests.The text was updated successfully, but these errors were encountered: