SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite)
The recent version of Chrome has broke some workflows with samesite cookies. So a few weeks ago I made a video discussing the samesite Attribute change in chrome and how it is a great change that will end CSRF.
It looks like Chrome 80 is officially out now and websites are broken or stuck in infinite loops. This is because Cookies without samesite Attribute are treated as samesite lax which means cookies will not be sent except if it is a GET request and top-level navigation clicking on a link
0:00 Intro
1:10 SameSite=Strict
6:00 SameSite=Lax
8:00 SameSite=None
11:00 No SameSite Attribute
Source Code
🏭 Software Architecture Videos
💾 Database Engineering Videos
🛰 Network Engineering Videos
.
1 view
71
15
9 months ago 00:04:16 2
SameSite Cookies for Everyone - Cross Site Request Forgery Mitigations (follow up)
9 months ago 00:13:56 1
SameSite Cookie Attribute Explained by Example (Strict, Lax, None & No SameSite)
9 months ago 00:11:33 1
SameSite Cookies Explained ~ With Examples
1 year ago 00:54:36 1
Tutorial - Part 6 | Authentication for API Routes using JWT and bcrypt
4 years ago 00:35:33 9
CSRF-уязвимости все еще актуальны / Михаил Егоров (Odin — Ingram Micro)
4 years ago 00:21:27 1
Cookie recipes - SameSite and beyond || Google Chrome Developers