by vbezhenar 2260 days ago
What about setting Cookie with Path and SameSite=LAX? I would expect it to prevent sending cookies in that request, although I did not test it.
1 comments
justinsteven 2260 days ago
I tested with SameSite being Lax and Strict. Neither blocks the attack in Chrome. My reading of the SameSite spec indicates that it doesn't take cookie path into account.