Strict – The browser will only send cookies for same-site requests (i.e., requests originating from the site that set the cookie).None – The browser will send cookies with both cross-site and same-site requests.The attribute can have any of the following values: SameSite is an attribute on cookies that allows web developers to declare that a cookie should be restricted to a first-party, or same-site, context. And we are strongly encouraging all web developers to test their sites with the new default. At Mozilla, we are slowly introducing this change. However, some web sites may depend (even unknowingly) on the old default, potentially resulting in breakage for those sites. This will greatly improve security for users.
We are changing the default value of the SameSite attribute for cookies from None to Lax.
0 kommentar(er)
