Specifies the SameSite attribute for cookies, controlling how cookies are sent with cross-site requests. Helps prevent cross-site request forgery (CSRF) attacks.

Definition

enum SameSite {
  STRICT
  LAX
  EXTENDED
  NONE
}

Values

STRICT

Cookies will only be sent in a first-party context and not with requests initiated by third-party websites.

LAX

Cookies are not sent on cross-site subrequests (e.g., to load images or frames), but are sent when a user navigates to the origin site from an external site (e.g., by following a link).

EXTENDED

This is a legacy value and should generally not be used. Modern browsers may treat it as `LAX` or `NONE` depending on context.

NONE

Cookies will be sent in all contexts, both first-party and cross-site. Requires the `Secure` attribute to be set.
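As an added example (not part of the schema documented here), the following JavaScript models the browser's send decision for each value and builds a Set-Cookie header that enforces the NONE-requires-Secure rule. It assumes the standard Lax rule that cross-site top-level navigations carry the cookie only for safe methods such as GET, and it treats EXTENDED as LAX, which is an assumption since browsers differ on that legacy value.

```javascript
// Added example: simulates the browser's send decision for each SameSite
// value and builds a Set-Cookie header that enforces the rules above.
const HEADER_VALUE = Object.freeze({ STRICT: 'Strict', LAX: 'Lax', NONE: 'None' });

// ctx describes one request: cross-site or not, top-level navigation or not, HTTP method.
function cookieIsSent(sameSite, ctx) {
  if (!ctx.crossSite) return true; // first-party: every value allows the cookie
  switch (sameSite) {
    case 'STRICT': return false; // never attached to cross-site requests
    case 'LAX':
    case 'EXTENDED': // assumption: legacy value modelled as LAX; real browsers differ
      // Cross-site top-level navigation with a safe method only; subrequests
      // (images, frames) and cross-site POSTs do not carry the cookie.
      return ctx.topLevelNavigation && ctx.method === 'GET';
    case 'NONE': return true; // attached in every context (hence the Secure requirement)
    default: throw new Error(`unknown SameSite value: ${sameSite}`);
  }
}

// Builds a Set-Cookie header value, rejecting the two misuses the docs warn about.
function buildSetCookie(name, value, sameSite, { secure = false, httpOnly = true } = {}) {
  if (sameSite === 'EXTENDED') throw new Error('EXTENDED is legacy; use LAX or NONE');
  if (!(sameSite in HEADER_VALUE)) throw new Error(`unknown SameSite value: ${sameSite}`);
  if (sameSite === 'NONE' && !secure) throw new Error('SameSite=None requires Secure');
  const parts = [`${name}=${value}`, `SameSite=${HEADER_VALUE[sameSite]}`];
  if (secure) parts.push('Secure');
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Constructed request contexts covering the cases described in the docs.
const contexts = {
  firstParty: { crossSite: false, topLevelNavigation: true, method: 'GET' },
  crossSiteLink: { crossSite: true, topLevelNavigation: true, method: 'GET' },
  crossSiteImage: { crossSite: true, topLevelNavigation: false, method: 'GET' },
  crossSiteFormPost: { crossSite: true, topLevelNavigation: true, method: 'POST' },
};

// Returns { STRICT: { firstParty: true, crossSiteLink: false, ... }, LAX: {...}, ... }.
function sendMatrix() {
  const result = {};
  for (const v of ['STRICT', 'LAX', 'EXTENDED', 'NONE']) {
    result[v] = Object.fromEntries(Object.entries(contexts).map(([k, ctx]) => [k, cookieIsSent(v, ctx)]));
  }
  return result;
}
```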