Cookie Target App

app.almuthannax.com

This app is meant to set a cookie scoped to app.almuthannax.com and report whether that cookie is received by the target endpoint on a cross-origin PUT.

Main Page Body

If a PUT reaches the target endpoint with the csrf_lab_session cookie, its value field is persisted and rendered here.

No stored value yet.

No successful write yet.

Write A Value From The App Origin

This same-origin PUT includes a JSON value field. If the cookie is present, the endpoint writes that value into the main page body above.

Value to write

Waiting for action...

Set The Cookie

The button below calls a CGI endpoint that sets csrf_lab_session with Domain=app.almuthannax.com; HttpOnly; Secure; SameSite=Lax.

Waiting for action...

Inspect The Target Endpoint

This same-origin request shows whether the endpoint currently sees the cookie and what value is currently stored on the page.

Waiting for action...