The user is on site-a.com and there is an iframe with site-b.com. site-b.com makes GET request back to site-a.com (inside iframe). Will Lax cookies for cross-site GET to site-a.com be send with the request?
To be more clear:
- Before GET request: site-b.com iframed in site-a.com
- After GET request: site-a.com iframed in site-a.com
From my observation in Chrome 91 canary this cookie is blocked, while it is not blocked in Chrome 88. I thought that only Lax+POST is problematic but it looks like also Lax+GET is now blocked in some cases. Is there any information/spec. about cross-site GET+Lax cookies?
Aucun commentaire:
Enregistrer un commentaire