<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
Potentially... any identity flows performed in iframes that rely on
setting/reading cookies with samesite=none attribute will stop
working. This might affect logout more than login depending on how
each is implemented. This could also affect full page redirect flows
with the form_post response type if the browsers stop supporting the
"temporary solution" they provided for cookies less than 2mins old.
It's unclear at this time as very little is described in that blog
post about exactly what the browser will do :)<br>
<br>
Note that FireFox recently also enabled a model that creates
separate cookie jars per eTLD+1. They are trying to not break
identity flows that cross domains but it's unclear how well the
heuristics work for identifying identity flows. The key heuristic
they call out is using a pop-up browser window which I don't see a
lot of these days.<br>
<br>
I'd highly recommend setting up end-to-end testing that you can push
through any browser or nightly build. Determining exactly what will
(or won't) work from published blogs is difficult :)<br>
<br>
<div class="moz-cite-prefix">On 3/4/21 4:15 AM, Nat Sakimura via
Openid-specs-ab wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAJcjuEJr=nG1pV0tquVtMe=_vGquSw4JfQPRGT2VmqXtPk2tSQ@mail.gmail.com">
<div dir="auto">
<div dir="auto">Would this impact us? </div>
<div dir="auto"><br>
</div>
<div dir="auto"><br>
</div>
<a
href="https://blog.google/products/ads-commerce/a-more-privacy-first-web/"
moz-do-not-send="true">https://blog.google/products/ads-commerce/a-more-privacy-first-web/</a></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Openid-specs-ab mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Openid-specs-ab@lists.openid.net">Openid-specs-ab@lists.openid.net</a>
<a class="moz-txt-link-freetext" href="http://lists.openid.net/mailman/listinfo/openid-specs-ab">http://lists.openid.net/mailman/listinfo/openid-specs-ab</a>
</pre>
</blockquote>
<br>
</body>
</html>