How can we improve the Microsoft Edge developer experience?

Support "SameSite" cookie option

The "SameSite" cookie prevents CSRF attacks by telling the browser not to send the cookie in requests that originate from sites other than the one that created it.

Read the spec draft here:

https://tools.ietf.org/html/draft-west-first-party-cookies-07

Chrome already supports it as declared here:

https://www.chromestatus.com/feature/4672634709082112

328 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Samuel HodgeSamuel Hodge shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Chris HackingChris Hacking commented  ·   ·  Flag as inappropriate

        This is a useful security measure, at least as a defense-in-depth approach. Edge (and ideally IE as well) should adopt web security improvements whenever possible, and this one shouldn't be very complicated to implement.

      Feedback and Knowledge Base