Commit cded216

Minor edits to the "Third-party cookies" section (#39388)
* Minor edits to the "Third-party cookies" section

  - I think there were some issues with pluralization of the word "Cookie" at the end of this section, so I attempted to reword it.
  - I ended up changing more than I originally intended
  - I did not intend to change any of the original meaning. If I did, that was a mistake on my part.

* Update files/en-us/web/http/guides/cors/index.md

Co-authored-by: Hamish Willee <[email protected]>

---------

Co-authored-by: Hamish Willee <[email protected]>
1 parent b7536cd commit cded216

File tree

1 file changed

+5
-2
lines changed
  • files/en-us/web/http/guides/cors

files/en-us/web/http/guides/cors/index.md

Lines changed: 5 additions & 2 deletions
@@ -360,9 +360,12 @@ Also note that any `Set-Cookie` response header in a response would not set a co
360360

361361
Note that cookies set in CORS responses are subject to normal third-party cookie policies. In the example above, the page is loaded from `foo.example` but the `Set-Cookie` header in the response is sent by `bar.other`, and would thus not be saved if the user's browser is configured to reject all third-party cookies.
362362

363-
Cookie in the request may also be suppressed in normal third-party cookie policies. The enforced cookie policy may therefore nullify the capability described in this chapter, effectively preventing you from making credentialed requests whatsoever.
363+
Cookies set in CORS requests and responses are subject to normal third-party cookie policies.
364364

365-
Cookie policy around the [SameSite](/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value) attribute would apply.
365+
Third-party cookie policies may prevent third party cookies being sent in requests, effectively stopping a site from making credentialed requests even if permitted by the third party server (using `Access-Control-Allow-Credentials`).
366+
The default policy differs between browsers, but may be set using the [SameSite](/en-US/docs/Web/HTTP/Reference/Headers/Set-Cookie#samesitesamesite-value) attribute.
367+
368+
Even if credentialed requests are allowed, a browser may be configured to reject all third-party cookies in responses.
366369

367370
## The HTTP response headers
368371
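Review bot: The added sentence at +366, "The default policy differs between browsers, but may be set using the SameSite attribute", reads as if `SameSite` configures the browser's third-party cookie policy. `SameSite` is an attribute the server places on an individual cookie in `Set-Cookie` (the link target is the `Set-Cookie` reference), so it is a separate control from the browser policy; suggest wording closer to the removed line, saying that the cookie's `SameSite` attribute applies as well. The new +363 sentence also repeats the unchanged sentence at 361 almost word for word, and +368 restates that paragraph's closing clause about a browser configured to reject all third-party cookies, so these could be merged into the existing paragraph. In +363, cookies are sent in requests and set in responses, so "Cookies set in CORS requests and responses" wants rewording. In +365, "third party cookies" and "third party server" should be hyphenated to match "Third-party" at the start of the same sentence.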
