News

SameSite Cookie Changes Rolled Back Until Summer

The Chromium Project announced on Friday that it's delaying enforcement of SameSite cookie changes, and is temporarily rolling back those changes, because of the COVID-19 turmoil.

The new goal is to resume the SameSite changes sometime "over the summer," according to the announcement. The new plans apply to the stable releases of Chromium-based browsers (Chrome, Edge and Opera), but doesn't wholly apply to nonstable browser releases.

"Non-stable Chrome channels (e.g. Dev, Canary, and Beta) will continue with 50% enablement in Chrome 80 and later," the Chromium project clarified at its SameSite Updates page.

This SameSite change, which kicked off in February, attempts to avoid possible cross-site request forgery attempts using cookies. The Chromium project, following an Internet Engineering Task Force draft proposal, is aiming to enforce the "Lax" attribute when no SameSite value is declared in a site's header. If the SameSite attribute is declared as "None," then site owners have to add a Secure attribute, compelling cookie data to use the more secure HTTPS protocol.

This SameSite change is of note to Web site owners, as it affects how "third-party" cookies function. However, Microsoft also had warned back in January that various Microsoft applications could be affected by the SameSite behavioral change.

For instance, the SameSite change could affect ASP.NET Web sites and applications based on OpenID federation, including Microsoft Teams and SharePoint provider-hosted App Parts add-ins. Organizations using Windows Server 2016 and Windows Server 2019 will need certain January updates in place, as well.

The Chromium Project plans to provide further notice about its SameSite plans, which will get announced via the SameSite Updates page.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus