The following cookies have been set:
"DefaultCookie" with no
The next step is to go to External Site.
Now that the cookies have been set on
samesitetest.com, you need to go to the external
samesitetest-external.com and make requests back to this domain.
The browser will attach the allowed cookies, as specified by the SameSite cookie attribute.
You can monitor the behaviour of the cookies in the Browser Developer Tools, to see which cookies were attached to which requests.
An experiment by Stephen Rees-Carter for "CSRF is dead (or is it?)".
Source Code on GitHub, PRs welcome.