Support "SameSite" cookie option
The "SameSite" cookie prevents CSRF attacks by telling the browser not to send the cookie in requests that originate from sites other than the one that created it.
Read the spec draft here:
Chrome already supports it as declared here:
Keunwoo Lee commented
The SameSite proposal has been superseded by cookie name prefixes, so I think all the votes for this issue should be counted as votes for
Chris Hacking commented
This is a useful security measure, at least as a defense-in-depth approach. Edge (and ideally IE as well) should adopt web security improvements whenever possible, and this one shouldn't be very complicated to implement.
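The behaviour requested at the top of this thread, as an added example that is not part of the original request or of any comment: a small JavaScript model of the browser-side decision to attach a cookie to a cross-site request under the draft's "Strict" and "Lax" modes. The host names, cookie values, the `siteOf` two-label shortcut and the function names are assumptions made for the example; real browsers determine the site from the Public Suffix List.

```javascript
'use strict';
// Added example: models when a browser attaches a cookie under SameSite.
// Host names and cookie values below are constructed for illustration.

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS', 'TRACE']);

// Simplification (assumption): "site" = last two host labels.
// Real browsers derive the registrable domain from the Public Suffix List.
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse a Set-Cookie header value; only the SameSite attribute is interpreted.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), sameSite: null };
  for (const attr of attrs) {
    const [key, val = ''] = attr.split('=').map((s) => s.trim());
    if (key.toLowerCase() !== 'samesite') continue;
    const mode = val.toLowerCase();
    // Only "Strict" and "Lax" are recognised here; any other value leaves
    // the cookie unrestricted in this model (an assumption of the example).
    if (mode === 'strict') cookie.sameSite = 'Strict';
    else if (mode === 'lax') cookie.sameSite = 'Lax';
  }
  return cookie;
}

// req: { targetHost, initiatorHost, method, topLevelNavigation }
function shouldSendCookie(cookie, req) {
  const sameSite = siteOf(req.initiatorHost) === siteOf(req.targetHost);
  if (sameSite || cookie.sameSite === null) return true;
  if (cookie.sameSite === 'Lax') {
    // Lax still allows cross-site top-level navigations with safe methods.
    return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
  }
  return false; // Strict: never sent on cross-site requests
}

// Constructed scenario: a form on another site auto-submits a POST to the bank.
const forgedPost = { targetHost: 'bank.example', initiatorHost: 'other.example',
                     method: 'POST', topLevelNavigation: true };
for (const h of ['sid=abc123; Secure; HttpOnly',
                 'sid=abc123; Secure; HttpOnly; SameSite=Lax',
                 'sid=abc123; Secure; HttpOnly; SameSite=Strict']) {
  console.log(h, '=>', shouldSendCookie(parseSetCookie(h), forgedPost));
}
```

Only the cookie without the attribute is attached to the forged cross-site POST; the Lax cookie would still accompany a cross-site top-level GET, which is why state-changing endpoints should not respond to GET.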