Lax SameSite and POST (2 minute)

Çağlar Arlı

I was going through this link https://medium.com/@renwa/bypass-samesite-cookies-default-to-lax-and-get-csrf-343ba09b9f2b to understand CSRF using SameSite. Does that mean that the Lax+POST issue has been resolved by Chrome, which means that now there is no 2-minute window by default that would prevent the user from making a request?

The test I performed was this: I logged in using the code, which created a cookie for me. Then, after 3 minutes, I made a POST call to settings.php, which simply allowed me to update the cookie without any issue.
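
A simplified model of the cookie-attachment rule behind the Lax+POST question, as an added example that is not part of the original post. It assumes Chrome's documented behaviour (a cookie with no SameSite attribute is sent on a top-level cross-site POST only while it is at most 2 minutes old); the object fields and function names are hypothetical, not a browser API.

```javascript
// Simplified model: is a cookie attached to a request under "SameSite=Lax by
// default" with the Lax+POST exception? Field names are hypothetical.
const MIN = 60 * 1000;
const LAX_POST_WINDOW_MS = 2 * MIN; // the 2-minute window from the question
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

function cookieIsSent(cookie, request, laxPostWindowMs = LAX_POST_WINDOW_MS) {
  // cookie.sameSite: "Strict" | "Lax" | "None" | undefined (attribute absent)
  // SameSite only restricts cross-site requests; same-site ones always carry the cookie.
  if (!request.crossSite) return true;

  if (cookie.sameSite === "None") return cookie.secure === true; // None needs Secure
  if (cookie.sameSite === "Strict") return false;

  // Explicit Lax, or no attribute (treated as Lax by default):
  // only top-level navigations may carry the cookie cross-site.
  if (!request.topLevelNavigation) return false;
  if (SAFE_METHODS.has(request.method)) return true;

  // Unsafe method such as POST. The Lax+POST exception applies only to cookies
  // that set no SameSite attribute at all and are still inside the window.
  if (cookie.sameSite === "Lax") return false;
  return request.timeMs - cookie.createdMs <= laxPostWindowMs;
}

// Constructed sample data: two session cookies created at t = 0.
const defaultCookie = { name: "session", createdMs: 0 };
const explicitLaxCookie = { name: "session", sameSite: "Lax", createdMs: 0 };
const post = (crossSite, timeMs) => ({
  crossSite, topLevelNavigation: true, method: "POST", timeMs,
});

function demo() {
  return {
    crossSitePostAt1Min: cookieIsSent(defaultCookie, post(true, 1 * MIN)),
    crossSitePostAt3Min: cookieIsSent(defaultCookie, post(true, 3 * MIN)),
    sameSitePostAt3Min: cookieIsSent(defaultCookie, post(false, 3 * MIN)),
    explicitLaxPostAt1Min: cookieIsSent(explicitLaxCookie, post(true, 1 * MIN)),
    // Window of 0 models a browser with the Lax+POST exception turned off.
    crossSitePostNoWindow: cookieIsSent(defaultCookie, post(true, 1 * MIN), 0),
  };
}

console.log(demo());
```

In this model a POST issued from the same site as settings.php carries the cookie at any age, so only a top-level POST submitted from a different site exercises the 2-minute window.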