Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/simonw/samesite-lax-demo

Tiny demo site for exploring SameSite=Lax
https://github.com/simonw/samesite-lax-demo

Last synced: 27 days ago
JSON representation

Tiny demo site for exploring SameSite=Lax

Host: GitHub
URL: https://github.com/simonw/samesite-lax-demo
Owner: simonw
Created: 2021-08-03T00:31:03.000Z (over 3 years ago)
Default Branch: main
Last Pushed: 2021-08-03T21:24:40.000Z (over 3 years ago)
Last Synced: 2024-10-07T11:54:10.814Z (about 1 month ago)
Language: Python
Homepage: https://simonw.github.io/samesite-lax-demo/
Size: 30.3 KB
Stars: 7
Watchers: 3
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

# samesite-lax-demo

Background on my blog: [Exploring the SameSite cookie attribute for preventing CSRF](https://simonwillison.net/2021/Aug/3/samesite/)

This repo holds some tools for exploring the implementation of `SameSite=Lax` (and `SameSite=Strict` and `SameSite=None`) in your browser.

You can set those cookies on this site: https://samesite-lax-demo.vercel.app/

And then use the buttons on https://simonw.github.io/samesite-lax-demo/ - deliberately hosted on an entirely separate domain - to see how they affect navigation to that site using both links and form submissions.

In my explorations using Firefox 89 I get the following:

- For `SameSite=Strict` the cookie I have set is NOT displayed for both link and form navigations
- For `SameSite=None` the cookie I have set is displayed for both link and form navigations
- For `SameSite=Lax` the cookie shows for link navigations but NOT for form navigations