Hacker News new | past | comments | ask | show | jobs | submit login

That seems like a pretty egregious bug, presumably there's a spec someone is in violation of?

The blame lies somewhere between Safari and Chrome. The "None" value was added after the Safari implementation, and then Chrome wants to do the default-changing this year now. Unfortunately it looks like the fix isn't going to get backported to iOS 12, so here we are :-(

The point is that UA sniffing provides a last resort way of dealing with bugs in browsers until they are properly fixed (if ever). Imperfect as UA sniffing is, it's a lot better than having literally no way to identify and fix an issue people are having.

The question here is whether the browser is a tool to solve your business issues, or whether it is a a service that is more similar to police, firefighters or healthcare. I am way more biased towards the second.

Safari was not following the spec.

Depends on whuch spec you mean. Older versions of safari (anf chrome) were following the original proposed standard (rfc 6265), which said invalid values should be treated as strict. Later versions of Chrome are following a later internet-draft (rfc 6265bis, which I think was proposed by google), that introduced SameSite=none, and changed the behavior for unknown values to be the same as none.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact