https://github.com/tkachenko0/cookies-playground
Interactive playground to learn CSP by seeing and preventing XSS attacks
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/tkachenko0/cookies-playground
- Owner: tkachenko0
- Created: 2026-03-18T16:36:33.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-03-18T17:01:03.000Z (3 months ago)
- Last Synced: 2026-03-19T06:36:41.837Z (3 months ago)
- Language: JavaScript
- Size: 5.86 KB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# Cookies Playground
Hands-on project to explore how different HTTP cookie configurations work.
## Quick Start
```bash
docker compose up --build -d
```
## Flow
1. Open [http://127.0.0.1:8181](http://127.0.0.1:8181)
1. Click "Set Cookies". This sets cookies with different flags (HttpOnly, Secure, SameSite, etc.)
1. Click "Read Cookies" and compare the server-side and client-side views to see which cookies are visible to JavaScript
1. Open [http://localhost:8282](http://localhost:8282)
1. Click the navigation link, which performs a top-level navigation to the main server
1. Check the JSON response: `samesite-strict` is missing because the browser blocks Strict cookies when arriving from a different site
1. Now go directly to [http://127.0.0.1:8181/api/read-cookies](http://127.0.0.1:8181/api/read-cookies). `samesite-strict` is present because it's a same-site request
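
The decisions observed in the flow above can be written down as a small model of what the browser does. This is an added example, not code from the project: the cookie names other than `samesite-strict`, and the `siteOf`, `cookiesSent` and `visibleToScript` helpers, are assumptions made for illustration.

```javascript
// Constructed cookie jar for the main server (127.0.0.1:8181).
// Only "samesite-strict" is a name from the README; the others are assumed.
const jar = [
  { name: "httponly",        httpOnly: true,  sameSite: "Lax" },
  { name: "samesite-lax",    httpOnly: false, sameSite: "Lax" },
  { name: "samesite-strict", httpOnly: false, sameSite: "Strict" },
];

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Simplification: site = scheme + host. Browsers really use the registrable
// domain (eTLD+1); for an IP address or "localhost" the host itself is the
// site, which is why 127.0.0.1 and localhost are different sites. Ports are
// not part of the site.
function siteOf(url) {
  const u = new URL(url);
  return `${u.protocol}//${u.hostname}`;
}

// initiator: URL of the page that triggered the request,
// or null when the user typed the URL into the address bar.
function cookiesSent({ initiator, target, method = "GET", topLevel = true }) {
  const sameSite = initiator === null || siteOf(initiator) === siteOf(target);
  return jar
    .filter((c) => {
      if (sameSite || c.sameSite === "None") return true;
      // Lax: cross-site only on top-level navigations with a safe method.
      if (c.sameSite === "Lax") return topLevel && SAFE_METHODS.has(method);
      return false; // Strict is never sent on a cross-site request
    })
    .map((c) => c.name);
}

// document.cookie on the main server's page: HttpOnly cookies are hidden.
function visibleToScript() {
  return jar.filter((c) => !c.httpOnly).map((c) => c.name);
}

const target = "http://127.0.0.1:8181/api/read-cookies";
console.log("link from localhost:8282 ->",
  cookiesSent({ initiator: "http://localhost:8282/", target }));
console.log("typed into address bar   ->",
  cookiesSent({ initiator: null, target }));
console.log("document.cookie sees     ->", visibleToScript());
```
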