
Just a nit on this point -

"Quick note on Microsoft's implementation: their first shot at it was buggy and caused the "None" policy to omit the SameSite cookie attribute altogether"

This isn't a bug, just unfortunate naming and a lack of prescient engineers. When it was written, None was not a valid enum value (and frankly still isn't) and the default was Lax. To remove Lax, you set it to None in dotnet, which did the standard behavior at the time - emit nothing.

If every framework implemented every random extension proposed to every standard, we'd be in a very messy world with half-baked and sometimes contradictory standards implemented. Special casing because it's Chrome doing the breaking change to the standard/Internet is not a precedent I want to see.




>and frankly still isn't

It looks to me like it was added on April 9, 2019:

https://github.com/httpwg/http-extensions/commit/fa624b1358b...


Note that this is the draft, and 6265bis-03 expired in October. While it's presumed that this proposal will be accepted and become the new standard, a single commit does not make the standard.
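The behaviour discussed in the first comment of this thread, as an added example that is not code from any commenter or from .NET: a small model of a cookie serializer whose `None` mode either omits the SameSite attribute or emits it explicitly, checked against a client that treats a missing attribute as Lax. The enum, function names and cookie values are hypothetical and constructed for illustration.

```python
from enum import Enum

class SameSiteMode(Enum):
    """Hypothetical stand-in for a framework's SameSite enum (not the .NET type)."""
    NONE = "None"
    LAX = "Lax"
    STRICT = "Strict"

def build_set_cookie(name, value, mode, none_is_explicit):
    """Serialize a cookie. none_is_explicit=False models the behaviour described
    in the thread: NONE means 'emit no SameSite attribute at all'."""
    parts = [f"{name}={value}", "Path=/"]
    if mode is not SameSiteMode.NONE or none_is_explicit:
        parts.append(f"SameSite={mode.value}")
    return "; ".join(parts)

def samesite_attribute(set_cookie):
    """Return the SameSite value of a Set-Cookie header value, lowercased, or None."""
    for attr in set_cookie.split(";")[1:]:  # skip the leading name=value pair
        key, _, val = attr.strip().partition("=")
        if key.lower() == "samesite":  # attribute names are case-insensitive
            return val.strip().lower()
    return None

def effective_policy(set_cookie, client_default):
    """Policy a client applies: the attribute if recognised, else the client default.
    Falling back on unrecognised values is an assumption of this model."""
    attr = samesite_attribute(set_cookie)
    return attr if attr in ("none", "lax", "strict") else client_default

def sent_cross_site_post(set_cookie, client_default):
    """True if the cookie would accompany a cross-site POST request."""
    return effective_policy(set_cookie, client_default) == "none"

if __name__ == "__main__":
    # Constructed sample cookie; compare both serializers against both client defaults.
    for explicit in (False, True):
        header = build_set_cookie("session", "abc123", SameSiteMode.NONE, explicit)
        for default in ("none", "lax"):
            sent = sent_cross_site_post(header, default)
            print(f"{header!r:45} client default={default:4} sent cross-site: {sent}")
```

The same header that worked when a missing attribute meant no restriction stops being sent cross-site once the client default becomes Lax, which is why the explicit `SameSite=None` output matters.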



