Before you start the test suite, there is something you need to know!
This test will take more than two minutes, as this test needs to first create cookies in your browser and then wait for them to be older than 2 minutes. This is required so we can observe the behaviour of SameSite=Lax+POST over time on cookies without a SameSite attribute set.
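The following is an added example, not code from the test suite: a simplified model of the decision a browser with Lax-by-default and the Lax+POST exception makes for each cookie, showing why the observed cookie list changes once cookies pass the 2-minute mark. The cookie names, the object shapes and the function names are assumptions made for illustration, and the model assumes every cookie was already accepted into the jar (so SameSite=None cookies carry Secure).

```javascript
// Simplified model of SameSite enforcement with the Lax+POST exception.
// Added illustration only; names and object shapes are hypothetical.
const LAX_POST_WINDOW_MS = 2 * 60 * 1000; // the 2-minute threshold the test waits out
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// cookie:  { name, sameSite: "Strict" | "Lax" | "None" | undefined, createdAt }
// request: { crossSite, topLevelNavigation, method, now }  (times in milliseconds)
function isCookieSent(cookie, request) {
  if (!request.crossSite) return true;      // same-site requests always carry the cookie
  const mode = cookie.sameSite ?? "Lax";    // no attribute: treated as Lax by default
  if (mode === "None") return true;         // explicitly opted in to cross-site use
  if (mode === "Strict") return false;      // never sent on cross-site requests
  // Lax: cross-site cookies only ride on top-level navigations.
  if (!request.topLevelNavigation) return false;
  if (SAFE_METHODS.has(request.method)) return true;
  // Lax+POST: an unsafe top-level request still gets the cookie, but only if the
  // cookie had no SameSite attribute at all and is no older than the window.
  const defaulted = cookie.sameSite === undefined;
  const ageMs = request.now - cookie.createdAt;
  return defaulted && ageMs <= LAX_POST_WINDOW_MS;
}

// Names of the cookies a server would observe on one request.
function observedCookies(jar, request) {
  return jar.filter((c) => isCookieSent(c, request)).map((c) => c.name).sort();
}

// Constructed sample jar: one cookie per SameSite variant, all created at t = 0.
const jar = [
  { name: "strict", sameSite: "Strict", createdAt: 0 },
  { name: "lax", sameSite: "Lax", createdAt: 0 },
  { name: "none", sameSite: "None", createdAt: 0 },
  { name: "unset", sameSite: undefined, createdAt: 0 },
];

// A cross-site form submission (top-level POST) made `now` ms after creation.
const crossSitePost = (now) => ({
  crossSite: true, topLevelNavigation: true, method: "POST", now,
});

console.log("10 s old: ", observedCookies(jar, crossSitePost(10_000)));
console.log("130 s old:", observedCookies(jar, crossSitePost(130_000)));
```

A cookie explicitly set to SameSite=Lax never gets the exception, which is why only the attribute-less cookie changes behaviour between the two runs.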
The results of each test are stored for only 24 hours. The only information stored is a list of the cookies observed in each request. No personal data is collected or logged. If you want to keep test results for longer than 24 hours, I recommend you screenshot the page.
An experiment by Stephen Rees-Carter for "CSRF is dead (or is it?)" and "SameSite Cookies Deep Dive".
Source Code on GitHub, PRs welcome.