oss-sec mailing list archives

Re: xdg-open bypassing SameSite=Strict

From: grape mingijung <mingijung.grape () gmail com>
Date: Tue, 24 Jun 2025 17:41:10 +0900

Hello,

Thank you again for your continued attention to this topic.

With respect to sending SameSite=Strict cookies in CLI-initiated
navigations, it seems that different browsers may take slightly different
approaches to this issue. Because of that, it’s hard to predict how things
will develop going forward.

My impression is that allowing SameSite=Strict cookies in CLI-initiated
navigations is unlikely to cause significant compatibility issues in
practice.

I’ll be following any updates with interest.

Best regards,
grape mingijung

Current thread:

xdg-open bypassing SameSite=Strict grape mingijung (Jun 23)
- Re: xdg-open bypassing SameSite=Strict Solar Designer (Jun 23)
  - Re: xdg-open bypassing SameSite=Strict grape mingijung (Jun 24)
- Re: xdg-open bypassing SameSite=Strict Simon McVittie (Jun 24)
  - Re: xdg-open bypassing SameSite=Strict Anton Luka Šijanec (Jun 24)
- Re: xdg-open bypassing SameSite=Strict Gabriel Corona (Jun 24)
  - Re: xdg-open bypassing SameSite=Strict Lucas Holt (Jun 24)