Merged
14 changes: 12 additions & 2 deletions xml/System.Web/HttpCookie.xml
Expand Up @@ -404,8 +404,18 @@ The <xref:System.Web.HttpCookie.Path%2A> property extends the <xref:System.Web.H
</ReturnValue>
<Docs>
<summary>Gets or sets the value for the SameSite attribute of the cookie.</summary>
<value>One of the enumeration values that represents the enforcement mode of the cookie. If the application targets the .NET Framework 4.7.2 or later versions, the default value is <see cref="F:System.Web.SameSiteMode.Lax" />; otherwise, the default value is <see cref="F:System.Web.SameSiteMode.None" />.</value>
<remarks>To be added.</remarks>
<value>One of the enumeration values that represents the enforcement mode of the cookie or `(SameSiteMode)(-1)` (represented by the string `Unspecified` in config files). The default value depends on updates. For more information on defaults and recent updates, see Remarks.</value>
<remarks><format type="text/markdown"><![CDATA[

## Remarks

The default value of this property was modifed by updates described in [KB article 4531182](https://support.microsoft.com/help/4531182/kb4531182) and [KB article 4524421](https://support.microsoft.com/help/4524421/kb4524421).

Without these updates, the default value is <see cref="F:System.Web.SameSiteMode.None" />, which does not emit the `SameSite` cookie header. This conforms to [https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1](https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1).

After these updates have been applied, the default value is `(SameSiteMode)(-1)`, which corresponds to `Unspecified`. This preserves the earlier behavior. Setting `SameSiteMode.None` causes "SameSite=None" to be emitted.
]]></format>
</remarks>
</Docs>
</Member>
<Member MemberName="Secure">
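Review bot: The sentence "Without these updates, the default value is ..." in the new Remarks puts <see cref="F:System.Web.SameSiteMode.None" /> inside the CDATA markdown block, where XML doc tags are not processed as XML. The markdown in this file links with the xref form (the hunk header context shows <xref:System.Web.HttpCookie.Path%2A>), so use <xref:System.Web.SameSiteMode.None> there. In the same block, "modifed" should be "modified", and "This preserves the earlier behavior" should state which behavior is preserved rather than leave the reader to infer it from the previous paragraph. The new <value> text uses markdown backticks outside a markdown block; <c>(SameSiteMode)(-1)</c> and <c>Unspecified</c> would match the XML doc conventions of the surrounding elements.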
19 changes: 16 additions & 3 deletions xml/System.Web/SameSiteMode.xml
Expand Up @@ -14,7 +14,20 @@
</Base>
<Docs>
<summary>Specifies constants that indicate the value for the SameSite attribute of the cookie.</summary>
<remarks>To be added.</remarks>
<remarks>
<format type="text/markdown"><![CDATA[
## Remarks
The behavior of <see cref="F:System.Web.SameSiteMode.None" /> was modified by updates described in [KB article 4531182](https://support.microsoft.com/help/4531182/kb4531182) and [KB article 4524421](https://support.microsoft.com/help/4524421/kb4524421).
Without these updates, the <see cref="F:System.Web.SameSiteMode.None" /> value does not emit the `SameSite` cookie header. This conforms to [https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1](https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-4.1).
After these updates have been applied, the <see cref="F:System.Web.SameSiteMode.None" /> value emits the `SameSite=None` cookie header. This new behavior conforms to [update](https://tools.ietf.org/html/draft-west-cookie-incrementalism-00). As part of this change, FormsAuth and SessionState cookies will be issued with SameSite = `Lax` instead of the previous default of `None`, though these values can be overridden in web.config.
On systems where these updates have been applied, you can specify the previous behavior by setting the `SameSiteMode` to `(SameSiteMode)(-1)`. You can specify this behavior using the string `Unspecified` in web.config.
]]></format>
</remarks>
</Docs>
<Members>
<Member MemberName="Lax">
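Review bot: The four paragraphs added under "## Remarks" follow the heading and one another with no blank lines, so markdown will run them together into a single paragraph; separate them with blank lines as the HttpCookie.xml remarks in this same change do. The <see cref="F:System.Web.SameSiteMode.None" /> tags inside the CDATA block have the same problem as in HttpCookie.xml and should use the xref form. In the third paragraph, the link text "[update]" does not say what it points to, "SameSite = `Lax`" is formatted differently from `SameSite=None` two sentences earlier, and "these values can be overridden in web.config" should name the settings that control the FormsAuth and SessionState cookies, since those defaults change from `None` to `Lax` for every application on a patched system.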
Expand Down Expand Up @@ -54,7 +67,7 @@
</ReturnValue>
<MemberValue>0</MemberValue>
<Docs>
<summary>No mode is specified.</summary>
<summary>The cookie will be sent with all requests (see remarks).</summary>
</Docs>
</Member>
<Member MemberName="Strict">
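Review bot: The new summary for None, "The cookie will be sent with all requests (see remarks)", points at remarks that this member does not have; its Docs element contains only the summary, and the remarks were added at the type level. Reference the SameSiteMode type remarks explicitly with a cref. The summary also reads as unconditional, while the type remarks say that the header emitted for None differs before and after the KB updates, so a short qualifier in the summary itself would keep it from being read on its own as a guarantee.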
Expand All @@ -74,7 +87,7 @@
</ReturnValue>
<MemberValue>2</MemberValue>
<Docs>
<summary>When the value is Strict, or if the value is invalid, the cookie will only be sent along with "same-site" requests.</summary>
<summary>When the value is Strict the cookie will only be sent along with "same-site" requests.</summary>
</Docs>
</Member>
</Members>
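Review bot: The rewritten Strict summary drops the comma after the introductory clause ("When the value is Strict the cookie will only be sent ..."), and the clause itself is redundant on the Strict member; "The cookie is sent only with same-site requests." says the same thing. The change also removes "or if the value is invalid" without documenting elsewhere what an invalid value does, which matters now that the remarks tell readers to pass the out-of-range `(SameSiteMode)(-1)`.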