The following cookies have been set:
"StrictCookie" with SameSite=Strict
"LaxCookie" with SameSite=Lax
"SecureNoneCookie" with Secure and SameSite=None
"NoneCookie" with SameSite=None
"DefaultCookie" with no SameSite attribute
The next step is to go to External Site.
Now that the cookies have been set on samesitetest.com, you need to go to the external site at samesitetest-external.com and make requests back to this domain.
The browser will attach the allowed cookies, as specified by the SameSite cookie attribute.
You can monitor the behaviour of the cookies in the Browser Developer Tools, to see which cookies were attached to which requests.
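As an added illustration (not the site's own code), the sketch below models which of the five cookies a browser attaches to a request, following the SameSite rules in the RFC 6265bis draft. The request fields and the two policy flags (Lax as the default, and rejecting SameSite=None without Secure) are assumptions that match current Chromium behaviour; other browsers may differ, which is what the experiment lets you check.

```javascript
// Added example: SameSite attachment rules (RFC 6265bis draft) applied to the
// five cookies this page sets. Flags and request fields are assumptions.
const COOKIES = [
  { name: "StrictCookie", sameSite: "Strict", secure: false },
  { name: "LaxCookie", sameSite: "Lax", secure: false },
  { name: "SecureNoneCookie", sameSite: "None", secure: true },
  { name: "NoneCookie", sameSite: "None", secure: false },
  { name: "DefaultCookie", sameSite: null, secure: false },
];
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);
// Assumed browser policy (current Chromium behaviour).
const MODERN = { laxByDefault: true, rejectInsecureNone: true };
// Assumed legacy policy: no attribute means None, Secure not required.
const LEGACY = { laxByDefault: false, rejectInsecureNone: false };

// A SameSite=None cookie without Secure is dropped at set time under MODERN.
function isStored(cookie, policy) {
  return !(policy.rejectInsecureNone && cookie.sameSite === "None" && !cookie.secure);
}

// Resolve a missing attribute to the browser's default enforcement mode.
function effectiveMode(cookie, policy) {
  return cookie.sameSite || (policy.laxByDefault ? "Lax" : "None");
}

// request: { crossSite, topLevelNavigation, method } (hypothetical shape).
// Not modelled: Chromium's short-lived Lax+POST exception for cookies with no
// attribute, and third-party cookie blocking.
function attachedCookies(request, policy = MODERN) {
  return COOKIES.filter((c) => {
    if (!isStored(c, policy)) return false;
    if (!request.crossSite) return true; // same-site: everything stored is sent
    const mode = effectiveMode(c, policy);
    if (mode === "None") return true;
    if (mode === "Strict") return false;
    // Lax: only top-level navigations using a safe method
    return request.topLevelNavigation && SAFE_METHODS.has(request.method);
  }).map((c) => c.name);
}

// Constructed requests from the external site back to this domain.
const linkClick = { crossSite: true, topLevelNavigation: true, method: "GET" };
const formPost = { crossSite: true, topLevelNavigation: true, method: "POST" };
const imageLoad = { crossSite: true, topLevelNavigation: false, method: "GET" };
for (const [label, req] of Object.entries({ linkClick, formPost, imageLoad })) {
  console.log(label, attachedCookies(req));
}
```

Compare the printed lists with the Cookie request header shown in the Developer Tools Network tab for each request type; a mismatch indicates the browser applies a different default policy.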
An experiment by Stephen Rees-Carter for "CSRF is dead (or is it?)" and "SameSite Cookies Deep Dive".
Source Code on GitHub, PRs welcome.