SameSite attribute for 1.9
Concerned version
Version: 1.9.21
Summary
Some use cases are now broken when using 1.9 with Chromium-based browsers (which today means everything that is not firefox), see #2070 (closed).
Firefox will introduce the same change eventually
Possible fixes
Adding SameSite to cookies is not as simple as it seems.
1.9 uses CGI::Cookie, and old versions of CGI::Cookies do not handle SameSite at all. Event recent versions of CGI::Cookie do not handle SameSite=None (only Lax and Strict)
I have a prototype patch that hacks around this limitation
Maybe this change deserves a 1.9.22 release @cleoud ?