https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/
I've created to test it, but I'm confused by the result. https://animated-caribou.glitch.me/
- Chrome: only display the cookie value with SameSite=None in iframe.
- Firefox: display all cookie values in iframe
- Safari(Catalina): display nothing in iframe
- Safari(Mojave): display all cookie values in iframe
| without SameSite attribute | SameSite=None | |
|---|---|---|
| Safari 13.1(Catalina) | ❌ | ❌ |
| Safari 13.0(Catalina) | ❌ | ❌ |
| Safari 13.1(Mojave) | ⭕️ | ⭕️ |
| Chrome | ❌ | ⭕️ |
| Firefox | ⭕️ | ⭕️ |
- ⭕️... Can get a 3rd party cookie
- ❌... Can not get a 3rd party cookie
It depends on the setting of "Prevent cross-site tracking" whether Safari blocks 3rd party cookies of which SameSite attribute is None or not.
- The glitch of 1st party site.
- The glitch of 3rd party site.
Safari seems to block 3rd party cookies regardless of the SameSite attribute from Catalina.
I can't reproduce the behavior with Safari 13.1 on Mojave. But the blog post says "Safari 13.1 on macOS", which doesn't say anything about macOS versions.
When I run the glitch, Web Inspector doesn't mark the cookie as SameSite=None,
See the attached file in a comment. https://gist.github.com/koba04/d52765516600ec51d1761bb0ce994a11#gistcomment-3238700
You can reproduce this by visiting the site with Safari 13.1 on Catalina. https://probable-oxidized-leather.glitch.me/
@ceckoslab Thank you for your investigation!
Yeah, I agree with you.
According to your research, it seems to be a current behavior that Safari 13.1 on Catalina blocks all 3rd party cookies. The blog post didn't mention the OS version though.
https://webkit.org/blog/10218/full-third-party-cookie-blocking-and-more/