Cookie
- rfc6265 HTTP State Management Mechanism
- Same-Site Cookies
- SameSite
- 请求时只有 匹配站点的 cookie 会被发送
- 默认不会随 top-level navigations 发送
- SameSite=Strict
- 与 same-site 请求一起发送
- SameSite=Lax
- same-site, cross-site
- SameSite
- Access-Control-Allow-Credentials: true
- 服务端接受 cookie
- withCredentials: true
- 客户端请求带上 cookie