Allowing SameSite=None Cookies in First-Party Sandboxed Contexts

## Request for Mozilla Position on an Emerging Web Specification

* Specification title: Allowing SameSite=None Cookies in First-Party Sandboxed Contexts
* Specification or proposal URL (if available): https://github.com/whatwg/html/pull/10915
* Explainer URL (if available): https://github.com/explainers-by-googlers/csp-sandbox-allow-same-site-none-cookies
* Proposal author(s) (`@`-mention GitHub accounts): [@aamuley](https://github.com/aamuley) [@DCtheTall](https://github.com/DCtheTall)
* Caniuse.com URL (optional):  
* Bugzilla URL (optional): 
* Mozillians who can provide input (optional): 
* WebKit standards-position: Requested https://github.com/WebKit/standards-positions/issues/450

### Other information
When third-party cookies (3PC) are blocked by Chrome and Firefox, contexts with the `Content-Security-Policy: sandbox` header or <iframe> `sandbox` attribute are no longer able to use `SameSite=None` cookies. The frame must include the `allow-same-origin` value to use cookies, which relaxes many security protections including the opaque origin.

We want to restore existing behavior and enable a frame to signal the browser to include `SameSite=None` cookies in first-party requests from sandboxed frames when 3PC restrictions are active with the `allow-same-site-none-cookies` value

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allowing SameSite=None Cookies in First-Party Sandboxed Contexts #1165

Request for Mozilla Position on an Emerging Web Specification

Other information

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development