Reference
SameSite cookies - HTTP | MDN
Understanding “same-site” and “same-origin”
csrf - For SameSite cookie with subdomains what are considered the same site? - Information Security Stack Exchange
SameSite cookie recipes
SameSite cookies explained