Wednesday, March 11, 2020

SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite)

The recent version of Chrome has broke some workflows with samesite cookies. So a few weeks ago I made a video discussing the samesite Attribute change in chrome and how it is a great change that will end CSRF.

 It looks like Chrome 80 is officially out now and websites are broken or stuck in infinite loops. This is because Cookies without samesite Attribute are treated as samesite lax which means cookies will not be sent except if it is a GET request and top-level navigation clicking on a link

No comments:

Post a Comment

Share your thoughts

Note: Only a member of this blog may post a comment.