I created a simple Web Server that sets a cookie with SameSite=None and the Secure flag and tried to check if this cookie was then inserted in the next request made via an iframe
I created this simple Web Server with Flask, which sets a Cookie with SameSite=None and Secure flag... I expose it on http://127.0.0.1:5000:
from flask import Flask, make_response

app = Flask(__name__)

@app.route('/')
def index():
    response = make_response('Cookie Set!')
    # Set the cookie with SameSite=None and Secure flag
    response.set_cookie('my_cookie', 'cookie_value', samesite='None', secure=True)
    return response

if __name__ == '__main__':
    app.run(debug=True)
When I open Firefox and navigate to http://127.0.0.1:5000, the "my_cookie" is set correctly within the browser. If I subsequently open the following HTML page with Firefox which contains an iframe with http://127.0.0.1:5000:
<html>
  <iframe src="http://127.0.0.1:5000" sandbox="allow-scripts allow-popups allow-same-origin"></iframe>
</html>
By intercepting the HTTP request, I don't see the cookie that is set and sent for the request in the iframe... But I don't understand why.
Thanks so much
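An added example, not part of the original post: a standard-library variant of the test server (no Flask) that sets the same cookie and writes into the response body whether the incoming request carried it, so the result can be read directly inside the iframe as well as in an intercepting proxy. The helper and handler names are assumptions of this example.

```python
import threading
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

COOKIE_NAME = "my_cookie"  # same cookie name as in the post


def build_set_cookie():
    """Set-Cookie value with the same attributes as the Flask call in the post."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = "cookie_value"
    jar[COOKIE_NAME]["path"] = "/"
    jar[COOKIE_NAME]["samesite"] = "None"
    jar[COOKIE_NAME]["secure"] = True
    return jar[COOKIE_NAME].OutputString()


def cookie_received(cookie_header):
    """True if the request's Cookie header (or None) contains COOKIE_NAME."""
    return COOKIE_NAME in SimpleCookie(cookie_header or "")


class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Report what the browser actually sent with this request.
        seen = cookie_received(self.headers.get("Cookie"))
        body = f"{COOKIE_NAME} received: {seen}".encode()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain; charset=utf-8")
        self.send_header("Content-Length", str(len(body)))
        self.send_header("Set-Cookie", build_set_cookie())
        self.end_headers()
        self.wfile.write(body)


def start_server(port=5000):
    """Serve on 127.0.0.1 in a background thread and return the server."""
    server = ThreadingHTTPServer(("127.0.0.1", port), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    start_server(5000)
    print("serving on http://127.0.0.1:5000 (Ctrl+C to stop)")
    threading.Event().wait()
```

Load the address directly, then load the page containing the iframe, and compare the text shown in each.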