SameSite SameOrigin?

What is a site? What is an origin? Are they interchangeable?

What’s cross site? What’s cross origin?

In short, a site is eTLD + 1; an origin is scheme, host, and port.

What is eTLD? eTLD is effective top-level domain.

What is an effective top-level domain? It is one of the domains listed in the Public Suffix List: https://publicsuffix.org/list/ (e.g. com, ny.us, github.io, etc.). The list gets a little wild.

Since a site is eTLD + 1, examples of a site are mySite.com, food.ny.us, and hello.github.io.
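To make the difference concrete, here is an added example (not from the original post) that classifies URL pairs as same-site and/or same-origin using the definitions above. The `PUBLIC_SUFFIXES` set is a small constructed subset of the real list, and the function names and sample URLs are assumptions made for illustration.

```javascript
// Constructed subset of the Public Suffix List (assumption: a real check loads the full list).
const PUBLIC_SUFFIXES = new Set(["com", "us", "ny.us", "io", "github.io"]);

// eTLD+1: the longest matching public suffix plus the one label to its left.
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().split(".");
  // i = 0 tries the longest candidate first, so "github.io" wins over "io".
  for (let i = 0; i < labels.length; i++) {
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) {
      // i === 0: the host is itself a public suffix, so there is no eTLD+1.
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  return null; // suffix not in our subset
}

// Site per the definition above; hosts with no eTLD+1 count as their own site.
function siteOf(url) {
  const host = new URL(url).hostname;
  return registrableDomain(host) ?? host;
}

function compare(a, b) {
  return {
    sameOrigin: new URL(a).origin === new URL(b).origin, // scheme + host + port
    sameSite: siteOf(a) === siteOf(b),                   // eTLD+1 only
  };
}

// Constructed sample pairs.
const pairs = [
  ["https://www.mysite.com/", "https://api.mysite.com/"], // same site, cross origin
  ["https://mysite.com/", "https://mysite.com:8443/"],    // same site, cross origin (port)
  ["https://alice.github.io/", "https://bob.github.io/"], // cross site: github.io is an eTLD
  ["https://food.ny.us/a", "https://food.ny.us/b"],       // same site, same origin
];
for (const [a, b] of pairs) {
  console.log(a, b, compare(a, b));
}
```

The `github.io` pair is the case that matters for cookie and isolation decisions: two subdomains of a public suffix are different sites even though they share a parent domain.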

Ref:

This blog post is very informative, worth a read: https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/

Info on SameSite cookies: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite
