* 異なるサイトへのリダイレクト

[34] 
[[Safari]]
は
[CODE[SameSite=Lax]] のときであっても、
他の[[サイト]]から[[リダイレクト]]された [[navigate]]
で[[クッキー]]を送信しません。

[35] 
[[Apple]] は何度か修正したと言っているようですが、
最近でもこの現象が続いています。
[[WebKit]] や[[ライブラリー]]のバージョンか何かに依存する問題なのか、
[[ITP]] や[[第三者クッキー]]排除などの [[Apple]]
独自の機能が関係する不透明な仕様に基づく [[Apple]] の意図通りの動作なのか、
不透明でよくわかりません。
[TIME[2021-05-20T03:40:14.000Z]]

;; [36] [[Chrome]] ではそのような挙動にはなりません。

* 歴史

[1] [CITE@en[SameSite: Clarify user-triggered navigation behavior. · Issue #201 · httpwg/http-extensions]]
( ([TIME[2016-06-21 11:53:48 +09:00]]))
<https://github.com/httpwg/http-extensions/issues/201>

[2] [CITE@en[Re: SameSite=Strict cookies for a user entered URL]]
( ([[Mike West]]著, [TIME[2016-06-20 23:34:20 +09:00]]))
<https://lists.w3.org/Archives/Public/public-webappsec/2016Jun/0048.html>

[3] [CITE@en[draft-ietf-httpbis-cookie-same-site-00 - Same-Site Cookies]]
([TIME[2016-08-07 20:44:52 +09:00]])
<https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00>

[5] [CITE['SameSite' cookie attribute - Chrome Platform Status]]
([TIME[2016-12-11 00:14:13 +09:00]])
<https://www.chromestatus.com/feature/4672634709082112>

[6] [CITE@en[SameDomain-cookies/samedomain.txt at master · mozmark/SameDomain-cookies]]
([TIME[2016-12-11 00:15:23 +09:00]])
<https://github.com/mozmark/SameDomain-cookies/blob/master/samedomain.txt>

[7] [CITE@en[795346 – Add SameSite support for cookies]]
([TIME[2016-12-11 00:15:54 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=795346>

[8] [CITE@en[459154 - Experiment with "SameSite" cookies. - chromium - Monorail]]
([TIME[2016-12-11 00:17:20 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=459154>

[9] [CITE@en['''['''6265bis''']''' Add double-keying policy example to "Third-party cookies" section · Issue #248 · httpwg/http-extensions]]
([TIME[2016-12-26 22:39:19 +09:00]])
<https://github.com/httpwg/http-extensions/issues/248>

[10] [CITE[Actions required to mitigate Speculative Side-Channel Attack techniques - The Chromium Projects]]
([TIME[2018-01-09 10:37:14 +09:00]])
<https://www.chromium.org/Home/chromium-security/ssca>

[11] [CITE@en[Meltdown/Spectre  |  Web  |  Google Developers]]
([TIME[2018-02-08 00:05:08 +09:00]])
<https://developers.google.com/web/updates/2018/02/meltdown-spectre>

[12] [CITE@en-US[Previewing support for same-site cookies in Microsoft Edge - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog]]
([TIME[2018-05-22 18:46:55 +09:00]])
<https://blogs.windows.com/msedgedev/2018/05/17/samesite-cookies-microsoft-edge-internet-explorer/>

[13] [CITE@en[1459321 - SameSite=Strict cookies aren't sent upon page refresh]]
([TIME[2018-06-20 10:32:54 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=1459321>

[4] [CITE@en[draft-ietf-httpbis-rfc6265bis-02 - Cookies: HTTP State Management Mechanism]]
([TIME[2018-08-12 16:35:00 +09:00]])
<https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7>

[14] [CITE@en-US[Supporting Same-Site Cookies in Firefox 60 | Mozilla Security Blog]]
([TIME[2018-08-19 16:36:38 +09:00]])
<https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/>

[15] [CITE@en-US[Previewing support for same-site cookies in Microsoft Edge - Microsoft Edge Dev BlogMicrosoft Edge Dev Blog]]
([TIME[2018-08-19 16:37:49 +09:00]])
<https://blogs.windows.com/msedgedev/2018/05/17/samesite-cookies-microsoft-edge-internet-explorer/>

[16] [CITE@en-US[Supporting Same-Site Cookies in Firefox 60 | Mozilla Security Blog]]
([TIME[2018-09-12 02:22:52 +09:00]])
<https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/>

[17] [CITE@en[459154 - Experiment with "SameSite" cookies. - chromium - Monorail]]
([TIME[2018-10-23 02:01:43 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=459154>

[18] [CITE@en[635882 - When setting a cookie with "SameSite" (without lax or strict) the cookie is not set. - chromium - Monorail]]
([TIME[2018-10-23 02:03:52 +09:00]])
<https://bugs.chromium.org/p/chromium/issues/detail?id=635882>

[19] [CITE@en[188165 – iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication]]
([TIME[2018-10-23 02:08:04 +09:00]])
<https://bugs.webkit.org/show_bug.cgi?id=188165>

[20] [CITE@ja-JP[iOS 12 Safari breaks ASP.NET Core 2.1 OIDC authentication]]
([TIME[2018-10-23 02:08:47 +09:00]])
<https://social.msdn.microsoft.com/Forums/security/ja-JP/5f0aa4a8-9bfe-4be2-a366-77e6939ae36d/ios-12-safari-breaks-aspnet-core-21-oidc-authentication?forum=WindowsAzureAD>

[21] [CITE[c# - Cookies with a SameSite policy enforced are blocked in iOS 12 for SSO flows involving cross-origin requests - Stack Overflow]]
([TIME[2018-10-23 02:09:20 +09:00]])
<https://stackoverflow.com/questions/51982626/cookies-with-a-samesite-policy-enforced-are-blocked-in-ios-12-for-sso-flows-invo>

[22] [CITE@en[Incrementally Better Cookies]]
([TIME[2019-05-08 00:37:46 +09:00]])
<https://mikewest.github.io/cookie-incrementalism/draft-west-cookie-incrementalism.html>

[23] [CITE[Intent to implement: Cookie SameSite=lax by default and SameSite=none only if secure - Google グループ]]
([TIME[2019-05-29 11:26:22 +09:00]])
<https://groups.google.com/forum/#!msg/mozilla.dev.platform/nx2uP0CzA9k/BNVPWDHsAQAJ>

[24] [CITE@en[1551798 - Prototype SameSite=Lax by default]]
([TIME[2019-05-29 11:26:57 +09:00]])
<https://bugzilla.mozilla.org/show_bug.cgi?id=1551798>

[25] [CITE@en[198181 – Cookies with SameSite=None or SameSite=invalid treated as Strict]]
([TIME[2019-11-22 17:26:13 +09:00]])
<https://bugs.webkit.org/show_bug.cgi?id=198181>

[26] [CITE@en[Chromium Blog: Temporarily rolling back SameSite Cookie Changes]]
([TIME[2020-04-05 20:55:58 +09:00]])
<https://blog.chromium.org/2020/04/temporarily-rolling-back-samesite.html>

[27] [CITE@en[Chromium Blog: Resuming SameSite Cookie Changes in July]]
([TIME[2020-05-30 21:50:14 +09:00]])
<https://blog.chromium.org/2020/05/resuming-samesite-cookie-changes-in-july.html>

[28] [CITE@en[Schemeful same-site - Chrome Platform Status]]
([TIME[2020-10-01T03:09:58.000Z]])
<https://www.chromestatus.com/feature/5096179480133632>

[29] [CITE@en[draft-ietf-httpbis-cookie-same-site-00 - Same-Site Cookies]]
([TIME[2020-09-20T10:15:39.000Z]], [TIME[2020-10-01T03:14:44.098Z]])
<https://tools.ietf.org/html/draft-ietf-httpbis-cookie-same-site-00>

[30] [CITE@en[draft-west-cookie-incrementalism-01 - Incrementally Better Cookies]]
([TIME[2020-09-27T07:56:57.000Z]], [TIME[2020-10-01T03:19:01.513Z]])
<https://tools.ietf.org/html/draft-west-cookie-incrementalism-01>

[31] [CITE@en[draft-west-cookie-samesite-firstparty-01 - First-Party Sets and SameSite Cookies]]
([TIME[2020-09-27T08:02:39.000Z]], [TIME[2020-10-01T03:29:30.655Z]])
<https://tools.ietf.org/html/draft-west-cookie-samesite-firstparty-01>

[33] [CITE@en[194906 – Same Site Lax cookies are not sent with cross-site redirect from client-initiated load]], [TIME[2021-05-19T06:39:50.000Z]] <https://bugs.webkit.org/show_bug.cgi?id=194906>

[32] [CITE@en[196375 – Safari (still) doesn't send Lax cookies after a cross-site redirection]], [TIME[2021-05-19T06:39:35.000Z]] <https://bugs.webkit.org/show_bug.cgi?id=196375>