0 votes
Hi, I’m confused that in Question 1 of Exercise 3, SameSite cookies are listed as a countermeasure against clickjacking.

From my understanding, in a clickjacking attack the action is performed in the same context as the actual site (SameSite). Therefore, SameSite cookies would not mitigate this attack.
in ex03 by (200 points)

1 Answer

0 votes

SameSite cookies can mitigate some clickjacking requests depending on the cookie method and request context. Notably, SameSite=Lax no longer returns cookies for queries within <iframe> factors because they are not top-level navigation. See the MDN documentation and the SameSite=Lax behavior under the heading Set-Cookie for information.

by (280 points)
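Added example (not code from the question or the answer, and not taken from any browser): a small model of the SameSite decision a browser makes before attaching a cookie, applied to the framed-page scenario the question asks about. The helper names and the sample hosts bank.example / attacker.example are assumptions, and site() is a stand-in for the Public Suffix List lookup real browsers perform.

```javascript
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Simplified registrable domain (last two labels). Real browsers use the
// Public Suffix List; this is an assumption that holds for the sample hosts.
const site = (host) => host.split(".").slice(-2).join(".");

// A request is same-site only if the target matches the site of the issuing
// document AND of every ancestor frame up to the top-level page, so a request
// from inside a cross-site <iframe> is cross-site even to the frame's own origin.
const isSameSiteRequest = (req) =>
  req.frameChain.every((h) => site(h) === site(req.host));

// cookie: { sameSite: "Strict" | "Lax" | "None", secure }
// req:    { host, method, topLevelNavigation, frameChain: [initiator, ...ancestors] }
function cookieIsSent(cookie, req) {
  if (cookie.sameSite === "None" && !cookie.secure) return false; // None requires Secure
  if (isSameSiteRequest(req)) return true;
  switch (cookie.sameSite) {
    case "None":   return true;
    case "Strict": return false;
    case "Lax":    return req.topLevelNavigation && SAFE_METHODS.has(req.method);
    default:       return false;
  }
}

// Clickjacking scenario from the question (constructed hosts): attacker.example
// embeds the bank page in an <iframe> and the victim clicks a disguised button.
// 1. Loading the <iframe> itself: cross-site and not a top-level navigation.
const frameLoad = { host: "bank.example", method: "GET",
  topLevelNavigation: false, frameChain: ["attacker.example"] };
// 2. The click submits a POST from inside that frame back to bank.example.
const framedPost = { host: "bank.example", method: "POST",
  topLevelNavigation: false, frameChain: ["bank.example", "attacker.example"] };
// 3. For contrast: a plain top-level link from attacker.example to the bank.
const topLevelLink = { host: "bank.example", method: "GET",
  topLevelNavigation: true, frameChain: ["attacker.example"] };

function clickjackingOutcome(cookie) {
  return {
    frameLoad: cookieIsSent(cookie, frameLoad),
    framedPost: cookieIsSent(cookie, framedPost),
    topLevelLink: cookieIsSent(cookie, topLevelLink),
  };
}

// With SameSite=Lax the framed page loads without its session cookie, so the
// disguised click cannot act on the victim's logged-in session.
console.log(clickjackingOutcome({ sameSite: "Lax", secure: true }));
// → { frameLoad: false, framedPost: false, topLevelLink: true }
```

Switching the cookie to SameSite=Strict also blocks the top-level link, while SameSite=None with Secure attaches the cookie in all three cases.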