We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation .
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement . We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SameSite=strict cookies are only sent for requests from a first-party context. SameSite=lax cookies are sent for first-party requests, as well as for top-level navigations. If you use only a single cookie then it probably needs to be SameSite=lax to support navigating to a site from a third-party site or email link (Gmail wraps all links in a redirect through a URL checker).
I wondered if it could be good for a new option in wrap-session to set and read two kinds of cookies? ring-session-safe; SameSite=lax which would be used for GET/HEAD requests, and ring-session-unsafe; SameSite=strict which would be used for PUT/POST/DELETE/PATCH requests.
wrap-session
ring-session-safe; SameSite=lax
ring-session-unsafe; SameSite=strict
The text was updated successfully, but these errors were encountered:
No branches or pull requests