WordPress.org

Make WordPress Core

Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#48183 closed defect (bug) (duplicate)

Chrome SameSite Cookies - Investigate what could possible go wrong

Reported by: danielkanchev Owned by:
Milestone: Priority: normal
Severity: major Version: 5.2.3
Component: Login and Registration Keywords: needs-testing
Focuses: multisite Cc:
PR Number:

Description

This is more an awareness ticket and not a bug. Still, I consider this to be very important for core, plugins devs and themes devs, as well as integrations which rely on cookies.

With Chrome 80 a SameSite attribute is introduced. It will be set to SameSite=Lax by default unless devs of sites set it to Strict or None. Details here:

https://www.chromestatus.com/feature/5088147346030592
https://web.dev/samesite-cookies-explained

It is important to:

  1. Check if this affects WordPress core - single and multi-site.
  2. Properly communicate this with plugins/themes devs.

Feel free to edit this ticket in case it is not in the correct category, etc.

Change History (3)

This ticket was mentioned in Slack in #hosting-community by daniel_kanchev. View the logs.


2 months ago

#2 @johnbillion
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Thanks for the report @danielkanchev! We've got #37000 already, I'll close this as a dupe so we can keep the discussion in one place.

#3 @danielkanchev
2 months ago

Thanks for the info @johnbillion I am glad you are aware of this. Thanks!

Note: See TracTickets for help on using tickets.