Version

latest main

Steps to reproduce

Note that several Playwright tests currently set cross-site cookies with the SameSite=None attribute but miss to as well set the Secure attribute. Due to a recent change in Firefox Nightly this is not allowed anymore and as such those tests are failing.

One example can be found in browsercontext-clearcookies.spec.ts:92:4 › should remove cookies by domain.

Note that I discovered that issue by our BiDi jobs but I'm sure this as well affects non-BiDi.

As per https://web.dev/articles/samesite-cookies-explained#samesitenone_must_be_secure and other sites the secure attribute is required for such cookies.

@yury-s could someone please take a look at this? Thanks.

Expected behavior

The tests need to pass.

Actual behavior

The tests are failing with error messages like Invalid cookie: Cookie “%name%” rejected because it has the “SameSite=None” attribute but is missing the “secure” attribute.

Additional context

No response

Environment

As run in GitHub actions