State of SameSite cookies in Firefox and Chromium
SameSite cookies are commonly used to harden websites against CSRF attacks. These attacks can be mitigated in certain scenarios with SameSite cookies, since a cookie with the SameSite attribute set to strict should not be send to the destination site, if the request passed a foreign site. However, handling of the SameSite attribute differs between Firefox and Chromium. What is the SameSite attribute in theory? The SameSite attribute was specified in the RFC draft rfc6265bis....