by d-z-m 930 days ago
> but it is not immediately clear to me if posting a form cross domain will send cookies.

As sibling comment says, this is what SameSite is for.

If it's a POST form, SameSite=Lax or SameSite=Strict won't send the cookie.

If it's a GET form, SameSite=Strict won't send the cookie. SameSite=Lax might, I'm not entirely sure.
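
As an added example (not part of the comment above): a simplified JavaScript model of the SameSite rules from the RFC 6265bis draft, applied to the form submissions discussed here. The `siteOf` approximation, the request object shape and the sample URLs are assumptions constructed for illustration.

```javascript
// Simplified model of when a browser attaches a cookie, by SameSite value.
// Assumption: "site" is approximated as scheme + last two host labels. Real
// browsers use the Public Suffix List, so this is wrong for hosts such as
// example.co.uk.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function siteOf(url) {
  const u = new URL(url);
  return u.protocol + "//" + u.hostname.split(".").slice(-2).join(".");
}

// cookie:  { sameSite: "Strict" | "Lax" | "None", secure: boolean }
// request: { initiator, target, method, topLevelNavigation }
function cookieIsSent(cookie, request) {
  // Same-site requests carry the cookie regardless of the SameSite value.
  if (siteOf(request.initiator) === siteOf(request.target)) return true;
  switch (cookie.sameSite) {
    case "Strict":
      return false; // never sent on cross-site requests
    case "Lax":
      // Sent only when the request navigates the top-level browsing context
      // and uses a safe method. A form that targets an iframe does not qualify.
      return request.topLevelNavigation === true &&
             SAFE_METHODS.has(request.method.toUpperCase());
    case "None":
      // SameSite=None cookies are only accepted when also marked Secure.
      return cookie.secure === true;
    default:
      throw new Error("unknown SameSite value: " + cookie.sameSite);
  }
}

// Constructed form submissions (hypothetical hosts).
const FORMS = {
  crossSitePost:    { initiator: "https://other.example/page", target: "https://app.test/transfer", method: "POST", topLevelNavigation: true },
  crossSiteGet:     { initiator: "https://other.example/page", target: "https://app.test/search",   method: "GET",  topLevelNavigation: true },
  crossSiteGetFrame:{ initiator: "https://other.example/page", target: "https://app.test/search",   method: "GET",  topLevelNavigation: false },
  sameSitePost:     { initiator: "https://www.app.test/form",  target: "https://api.app.test/save", method: "POST", topLevelNavigation: true },
};

// Returns e.g. { crossSitePost: { Strict: false, Lax: false, None: true }, ... }
function decisionTable() {
  const table = {};
  for (const [name, req] of Object.entries(FORMS)) {
    table[name] = {};
    for (const sameSite of ["Strict", "Lax", "None"]) {
      table[name][sameSite] = cookieIsSent({ sameSite, secure: true }, req);
    }
  }
  return table;
}
```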