Same-site Cookies

The Same-site cookie RFC updates RFC6265 to include a new cookie attribute named SameSite.

WebOb provides support for setting the SameSite attribute in its cookie APIs, using the samesite keyword argument.

In Incrementally Better Cookies the standard was altered to add an additional option for the SameSite attribute. This new option has known incompatible clients, please be aware that WebOb does not attempt to sniff the user agent to know if setting the SameSite attribute to None will cause compatibility issues.

Please refer to the API documentation for webob.cookies.make_cookie() and webob.cookies.CookieProfile for the keyword arguments.