
... but in my experiments now I can't find a way to cause a SameSite=Lax cookie to be sent from a POST request starting on another site: https://simonw.github.io/samesite-lax-demo/



Defaulting to SameSite=lax is a (relatively) recent development, as per the doc you linked.

Yes, I don't think cookies with SameSite=Lax will be sent to a cross-domain host when the request type is a POST, even when the navigation is top-level. Though they will for GET and HEAD.

Defaulting to SameSite=Lax has only been in Chrome since Feb of last year, and in Edge since October of last year. It has yet to land in Firefox or Safari.
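
The behaviour discussed in the comments above, as an added example that is not part of the original thread: a simplified JavaScript model of the browser's decision whether to attach a cookie to a request. All function and field names are hypothetical, sites are assumed to be already reduced to scheme plus registrable domain, and the safe-method set follows RFC 7231.

```javascript
// Added example: simplified model of the SameSite check a browser applies
// before attaching a cookie. All names here are hypothetical.
// Assumption: "site" strings are already scheme + registrable domain.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]); // RFC 7231

function effectiveSameSite(cookie, browserDefaultsToLax) {
  const v = String(cookie.sameSite || "").toLowerCase();
  if (v === "strict" || v === "lax" || v === "none") return v;
  // Attribute missing or unrecognised: the browser's default applies.
  return browserDefaultsToLax ? "lax" : "none";
}

function cookieIsSent(cookie, request, browserDefaultsToLax) {
  if (request.initiatorSite === request.targetSite) return true; // same-site
  const mode = effectiveSameSite(cookie, browserDefaultsToLax);
  if (mode === "none") return true;
  if (mode === "strict") return false;
  // Lax: cross-site only on a top-level navigation with a safe method.
  return request.topLevelNavigation === true &&
         SAFE_METHODS.has(request.method.toUpperCase());
}

// Constructed sample request that starts on another site.
function crossSite(method, topLevelNavigation) {
  return {
    initiatorSite: "https://other.example",
    targetSite: "https://app.example",
    method,
    topLevelNavigation,
  };
}

function demo() {
  const lax = { name: "session", sameSite: "Lax" }; // explicit attribute
  const unset = { name: "session" };                // no SameSite attribute
  return {
    laxFormPost: cookieIsSent(lax, crossSite("POST", true), true),
    laxLinkGet: cookieIsSent(lax, crossSite("GET", true), true),
    laxHead: cookieIsSent(lax, crossSite("HEAD", true), true),
    laxImageGet: cookieIsSent(lax, crossSite("GET", false), true),
    unsetPostDefaultLax: cookieIsSent(unset, crossSite("POST", true), true),
    unsetPostNoDefault: cookieIsSent(unset, crossSite("POST", true), false),
  };
}

console.log(demo());
```

The last two results differ only in the browser default, which is why a server that depends on this behaviour sets the SameSite attribute explicitly.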



