
I am troubleshooting a bug that involves a cookie that is sometimes missing from a cross-site POST request.

This page from The Chromium Projects (last updated Mar 18, 2021) describes a temporary intervention to SameSite cookie behaviour, whereby some cookies have a 2-minute window for certain top-level cross-site POST requests.

It is referred to as "Lax+POST".

It describes this behaviour as a temporary intervention which would be removed. I cannot find any reference that says it has been removed, nor any updates within the last year.

Is this 2-minute behaviour still in place today (Dec 16, 2022)?

Liam
  • What makes you think this behaviour has been removed? I would be very surprised if it had been removed without any announcement by the Chromium team. Empirical data indicates that it hasn't. Try running https://samesitetest.com/ in your Chromium instance. – jub0bs Dec 19 '22 at 20:06
  • @jub0bs Probably my misunderstanding as I learn about it. Posts from more than a year ago said that it was a temporary feature, and I could only find information about it in deeper technical sources. Many sources of information about SameSite do not mention "Lax+POST", "Lax-Allowing-Unsafe", or the differences between Lax and Lax-by-default. So I found it difficult to determine the current status of that feature. – Liam Dec 19 '22 at 20:41
  • @jub0bs I've learned a lot in the 2 days since I asked this question! I would accept your comment as an answer. – Liam Dec 19 '22 at 20:46
  • The issue I had was that I needed some assurance that the information I read was still current. I have subscribed to get updates on features that I'm interested in at https://chromestatus.com/myfeatures, and this gives me the assurance that I need that there have been no recent changes. – Liam Dec 19 '22 at 21:03
  • Not sure you should rely on this behaviour. It was only implemented to ease the transition to `SameSite=Lax` by default. Not all browsers implement or plan to implement it. – jub0bs Dec 19 '22 at 21:07

0 Answers
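For troubleshooting the "sometimes missing" symptom in the question, the following is an added example (not part of the original post or comments, and not Chromium's code): a simplified model of when a Chromium-based browser attaches a cookie to a request, including the Lax+POST window. It assumes, per Chromium's SameSite documentation, that the 2-minute window applies only to cookies set without any `SameSite` attribute and is measured from the cookie's creation time; the function and field names are hypothetical.

```javascript
// Simplified model of Chromium's SameSite enforcement with the "Lax+POST" window.
// cookieIsSent and all field names are hypothetical, chosen for this illustration.
const LAX_POST_WINDOW_MS = 2 * 60 * 1000; // the 2-minute window from the question
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// cookie:  { sameSite: "Strict" | "Lax" | "None" | undefined, secure, createdAt }
// request: { method, crossSite, topLevelNavigation, sentAt }   (times in ms)
function cookieIsSent(cookie, request) {
  if (!request.crossSite) return { sent: true, reason: "same-site request" };
  if (cookie.sameSite === "Strict")
    return { sent: false, reason: "Strict: never sent cross-site" };
  if (cookie.sameSite === "None") {
    // SameSite=None without Secure is rejected when the cookie is set.
    return cookie.secure
      ? { sent: true, reason: "None + Secure: sent cross-site" }
      : { sent: false, reason: "None without Secure: cookie rejected" };
  }
  // Explicit Lax and Lax-by-default both require a top-level navigation.
  if (!request.topLevelNavigation)
    return { sent: false, reason: "Lax: not a top-level navigation" };
  if (SAFE_METHODS.has(request.method.toUpperCase()))
    return { sent: true, reason: "Lax: top-level navigation with safe method" };
  // Unsafe method (e.g. POST): only a cookie with no SameSite attribute qualifies.
  if (cookie.sameSite === undefined) {
    const ageMs = request.sentAt - cookie.createdAt;
    return ageMs <= LAX_POST_WINDOW_MS
      ? { sent: true, reason: "Lax+POST: cookie is at most 2 minutes old" }
      : { sent: false, reason: "Lax-by-default: cookie older than 2 minutes" };
  }
  return { sent: false, reason: "explicit Lax: unsafe method" };
}

// Constructed sample: one cookie creation time, then top-level cross-site POSTs.
const createdAt = Date.UTC(2022, 11, 16, 12, 0, 0);
const crossSitePost = (ageSeconds) => ({
  method: "POST", crossSite: true, topLevelNavigation: true,
  sentAt: createdAt + ageSeconds * 1000,
});
const samples = [
  ["no attribute, 90 s old", { secure: true, createdAt }, 90],
  ["no attribute, 150 s old", { secure: true, createdAt }, 150],
  ["SameSite=Lax, 90 s old", { sameSite: "Lax", secure: true, createdAt }, 90],
  ["SameSite=None; Secure, 150 s old", { sameSite: "None", secure: true, createdAt }, 150],
];
for (const [label, cookie, age] of samples) {
  const { sent, reason } = cookieIsSent(cookie, crossSitePost(age));
  console.log(`${label}: ${sent ? "sent" : "NOT sent"} (${reason})`);
}
```

In this model, a cookie that must survive a cross-site POST regardless of its age is the `SameSite=None; Secure` case; the no-attribute case works only inside the window, which matches the intermittent failure described in the question.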