SameSite Cookie
SameSite cookies can help protect websites from CSRF (Cross-Site Request Forgery) attacks, but implementation can be difficult to get right. Here is my testing of various SameSite attributes in Chromium 135.0.7016.0 dev build.
| Origin | Method | Samesite Attribute | Cookie sent? |
|---|---|---|---|
| Same | GET | None | ✅ |
| Cross | GET | None | ✅ |
| Same | POST | None | ✅ |
| Cross | POST | None | ✅ |
| Same | GET | Lax | ✅ |
| Cross | GET | Lax | ✅ |
| Same | POST | Lax | ✅ |
| Cross | POST | Lax | ❌ |
| Same | GET | Strict | ✅ |
| Cross | GET | Strict | ❌ |
| Same | POST | Strict | ✅ |
| Cross | POST | Strict | ❌ |