New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for 'partitioned' attribute to set_cookie() #2213
Comments
Hi, Another google only thing.. Thanks for reporting, I was not aware of this new feature.
Is this the suggested behavior in the spec? Some more link from mdn
PR are welcome |
I'm not convinced we should support every Google-specific thing, but if CPython accepts the referenced PR, this is good enough for us too I guess. |
an alternative could be to add an open ended |
That's a good idea too @CaselIT, but we probably need to monkey-patch older Python stdlib in any case, as we already do/did for |
You know Chrome has already started rejecting cookies with samesite=None. In addition to Chrome, Firefox also supports the Partitioned attribute, despite this, as it shows this.
Safari developers seem to be going to support the Partitioned attribute. Automatic addition of the Partitioned attribute is safe for most users. However, sometimes it may be overkill for certain use cases. If the user gives permission against SAA, cookies with samesite=None and without Partitioned can be used, for example, for keeping login status among multiple sites. So, how about a combination of the following two measures? This is automatic but customizable.
Here is an overview of measures for rejecting 3rd-party cookies. |
I wouldn't be so eager to automatically add Otherwise we would accept a PR for And we would even consider implementing that ourselves in the absence of community PRs, but only if it is standardized in CPython (the PRs/issues are still open for 3.13 at the time of this writing). |
It's OK for me. That's reasonable. Thanks for consideration. |
As stated in a Google announcement , Chrome disabled third-party cookies for 1% of users as of 4th January 2024.
We need support for the 'Partitioned' attribute in cookies. I think adding Partitioned automatically would be good if same_site is None.
CPython developers have decided to add support for it in version 3.13.
The above PR includes a patch, but it is not compatible with Falcon due to Falcon having its own header generator.
So, here is a very dirty monkey patch for Falcon users who need it today:
To use it, follow these steps.
secure=True
is needed withsame_site='None'
The text was updated successfully, but these errors were encountered: