Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:119269
Return-Path: <nicolas.grekas@gmail.com>
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 65062 invoked from network); 15 Jan 2023 16:41:00 -0000
Received: from unknown (HELO php-smtp4.php.net) (45.112.84.5)
  by pb1.pair.com with SMTP; 15 Jan 2023 16:41:00 -0000
Received: from php-smtp4.php.net (localhost [127.0.0.1])
	by php-smtp4.php.net (Postfix) with ESMTP id 0126018037F
	for <internals@lists.php.net>; Sun, 15 Jan 2023 08:40:59 -0800 (PST)
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on php-smtp4.php.net
X-Spam-Level: 
X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,HTML_MESSAGE,
	RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS,
	T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.2
X-Spam-ASN: AS15169 209.85.128.0/17
X-Spam-Virus: No
X-Envelope-From: <nicolas.grekas@gmail.com>
Received: from mail-wm1-f50.google.com (mail-wm1-f50.google.com [209.85.128.50])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256)
	(No client certificate requested)
	by php-smtp4.php.net (Postfix) with ESMTPS
	for <internals@lists.php.net>; Sun, 15 Jan 2023 08:40:59 -0800 (PST)
Received: by mail-wm1-f50.google.com with SMTP id c4-20020a1c3504000000b003d9e2f72093so17224974wma.1
        for <internals@lists.php.net>; Sun, 15 Jan 2023 08:40:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=feJ73EgrXMpjPBWmFwZ7tfIgQTZj754FuiPwsLOhEEk=;
        b=l5F5elRrqajw/6TmZKEw0FfGsG9whqW8lhYKU9w+f7SCpEixUA8rHahCZE0tvIIIfN
         hWIWlUsjXBcfQG5vIyUQJcDafxdjl/ccHN3oX2bzqrxBUQ/KLyATUR4MLm7y60+AR7sm
         /LMk/QmhyZUsA2pux/kgIQXl7O9XrHvZpYJDpra+aQIg5zb6WCkb6fw7MeuJSPaFgji9
         ntaq2+v/EK/6JDBXlD7H75uWNGDfJ7NQrtAxffSqWUoIFinVtmbvS5Ik6cuU0AAWhNdv
         We7MUjYfy/ySCAb2ti1x+1k7wDHHYWT7tKb61KqRlE5qb1OnNuKrpK3zxSRsC6mGpsMt
         GcSg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=feJ73EgrXMpjPBWmFwZ7tfIgQTZj754FuiPwsLOhEEk=;
        b=mWkO2HsrX9EJKNS9q9qyp2nnSCqFzAhC0TWS6vTBd9mGDL12azh/S9u8Ra+7npPQUh
         zmx9f3+L5EkzZKv+O5th2DEw60xpPVXKBaHQBxOkUs/ScIVlVTPPD2cXEC0rqsAlHnrg
         2QNAlPqgJeZLkMPGpd5rW/dQtN7rief7UzuSs+WbHeulzV7Jiv5y2Buz/pEGLeYnidCY
         ul1rRzLObzJnRI+9GxWp9E2dMhtEJlupG+mtmQoa+9QPJzGiL7oW0lN9Rt3aCOOFUfMr
         dhHrO0vuB6aPmPdUle6FZodaBzaym6vs4Rt3GobSfLc9zzNM6oruT61F9Je/Jvu++gUd
         1D1A==
X-Gm-Message-State: AFqh2kphTbHUmuIYTeqWLypwyLn7Cs8bZ78zy8O8uVMDBFE6Ipe6cld5
	h3GhO2TRfhQo6ykSCZBzoYsaa0iwCPKjY0SqxXE6RaYG
X-Google-Smtp-Source: AMrXdXuSEjK2byPt/UDkv9iPjSaozQQtWoOneUdJyjQ2q17Y4msynwWkLCE1y0lMwuIA4/1KBvDQ9jpCcYJkBJyotJY=
X-Received: by 2002:a05:600c:5406:b0:3d9:f1db:2b65 with SMTP id
 he6-20020a05600c540600b003d9f1db2b65mr1508096wmb.201.1673800858017; Sun, 15
 Jan 2023 08:40:58 -0800 (PST)
MIME-Version: 1.0
References: <CAFPFaM+d_1pV__2u+rkTEOF8mPM_CSXRk3udmG-+G1oVuKbQmg@mail.gmail.com>
In-Reply-To: <CAFPFaM+d_1pV__2u+rkTEOF8mPM_CSXRk3udmG-+G1oVuKbQmg@mail.gmail.com>
Date: Sun, 15 Jan 2023 17:40:46 +0100
Message-ID: <CAOWwgpnJrHfx83wkd35J_9HwqzkB-1iRfTyqYbZ=7HB9nUhrhQ@mail.gmail.com>
To: "G. P. B." <george.banyard@gmail.com>
Cc: PHP internals <internals@lists.php.net>
Content-Type: multipart/alternative; boundary="00000000000091236a05f2502153"
Subject: Re: [PHP-DEV] [RFC] Add SameSite cookie attribute parameter
From: nicolas.grekas+php@gmail.com (Nicolas Grekas)

--00000000000091236a05f2502153
Content-Type: text/plain; charset="UTF-8"

Hi George,

Hello Internals,
>
> I would like to start the discussion about the Add SameSite cookie
> attribute parameter RFC:
> https://wiki.php.net/rfc/same-site-parameter
>
> This proposes to add an optional same site parameter to the setrawcooki(),
> setcookie() and session_set_cookie_params() that takes a a value a new
> SameSite enum:
>
> enum SameSite {
>     case None;
>     case Lax;
>     case Strict;}
>

There's quite some activity on the HTTP cookies side.
I read about SameParty and Partitioned attributes recently, see:
- https://developer.chrome.com/docs/privacy-sandbox/chips/
- https://github.com/cfredric/sameparty

Maybe we should have a plan that works for these too?

Nicolas

--00000000000091236a05f2502153--