Post AdEe9jWvftWkLrntEO by coelacanthus@mastodon.yuuta.moe
 (DIR) Post #AdEe9jWvftWkLrntEO by coelacanthus@mastodon.yuuta.moe
       2023-12-27T12:33:43Z
       
       0 likes, 1 repeats
       
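       TL;DR: An implementation problem on this website has blocked #Firefox from enabling network.cookie.sameSite.noneRequiresSecure by default. But in fact the site's maintainers know about the problem. They have even written a fixed version, but they detect the browser by UA and refuse to apply the fix if it is Firefox. https://bugzilla.mozilla.org/show_bug.cgi?id=1679318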
       
 (DIR) Post #AdEe9l7TlUMFHVuaq8 by coelacanthus@mastodon.yuuta.moe
       2023-12-27T12:33:58Z
       
       0 likes, 0 repeats
       
       > Since Chromium 80 (June 2020) has enforced Secure when #SameSite is None, and this site has a fix but it just doesn't apply to Firefox. So I think we should enable it by default to enforce this site to apply their fix to Firefox as well. We SHOULD NOT put the security of all users at risk JUST because of a garbage website. What's more, the maintainers of this website actually know about this problem, they just refuse to apply a fix for Firefox.
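
Added example, not part of the posts above and not code from Firefox or from the site in the bug report: a check of captured Set-Cookie headers against the rule that network.cookie.sameSite.noneRequiresSecure enforces, plus a comparison across User-Agents to spot a fix that is only served to some browsers. The function names and the sample captures are constructed for illustration.

```javascript
// Audit Set-Cookie headers for the rule "SameSite=None requires Secure"
// and detect cookies whose compliance depends on the requesting User-Agent.

// Parse one Set-Cookie header value into its name and the two attributes we need.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim());
  const name = pair.split('=')[0];
  let sameSite = null; // attribute absent
  let secure = false;
  for (const attr of attrs) {
    const [key, value = ''] = attr.split('=').map((s) => s.trim());
    // Attribute names and SameSite values are case-insensitive.
    if (key.toLowerCase() === 'secure') secure = true;
    if (key.toLowerCase() === 'samesite') sameSite = value.toLowerCase();
  }
  return { name, sameSite, secure };
}

// True when a browser enforcing the rule would reject the cookie.
function rejectedWhenEnforced(header) {
  const c = parseSetCookie(header);
  return c.sameSite === 'none' && !c.secure;
}

// Given Set-Cookie headers captured per User-Agent, list cookie names that
// pass for at least one UA but would be rejected for another (a UA-gated fix).
function uaGatedCookies(capturesByUa) {
  const verdicts = new Map(); // cookie name -> set of verdicts seen
  for (const headers of Object.values(capturesByUa)) {
    for (const h of headers) {
      const { name } = parseSetCookie(h);
      if (!verdicts.has(name)) verdicts.set(name, new Set());
      verdicts.get(name).add(rejectedWhenEnforced(h));
    }
  }
  return [...verdicts].filter(([, v]) => v.size === 2).map(([n]) => n).sort();
}

// Constructed sample captures (hypothetical, not taken from the real site).
const SAMPLE = {
  chromium: ['sid=abc; Path=/; SameSite=None; Secure', 'lang=en; Path=/'],
  firefox: ['sid=abc; Path=/; SameSite=None', 'lang=en; Path=/'],
};

console.log(uaGatedCookies(SAMPLE));
```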