⚗️ Also test public suffix

server.ts

@@ -10,7 +10,9 @@ app.use(async (ctx) => {
     const { cookie } = ctx.request.body as { cookie: string };
     ctx.set("Set-Cookie", [
       `cookie-none=${cookie.replace(/[^A-Za-z0-9]+/g, '-')}; SameSite=None; Secure`,
-      `cookie-lax=${cookie.replace(/[^A-Za-z0-9]+/g, '-')}; SameSite=Lax; Secure`
+      `cookie-lax=${cookie.replace(/[^A-Za-z0-9]+/g, '-')}; SameSite=Lax; Secure`,
+      `cookie-none-top-level=${cookie.replace(/[^A-Za-z0-9]+/g, '-')}; SameSite=None; Secure; Domain=hf.space`,
+      `cookie-lax-top-level=${cookie.replace(/[^A-Za-z0-9]+/g, '-')}; SameSite=Lax; Secure; Domain=hf.space`,
     ]);
     ctx.redirect( "/");
   } else {
@@ -19,6 +21,8 @@ app.use(async (ctx) => {
       <pre>${JSON.stringify(Object.fromEntries(Object.entries(ctx.request.headers)), null, 2)}</pre>
       <p>Cookie SameSite=None: ${ctx.cookies.get("cookie-none")?.replace(/</g, '$lt;')}</p>
       <p>Cookie SameSite=Lax: ${ctx.cookies.get("cookie-lax")?.replace(/</g, '$lt;')}</p>
+      <p>Cookie SameSite=None Top-Level: ${ctx.cookies.get("cookie-none-top-level")?.replace(/</g, '$lt;')}</p>
+      <p>Cookie SameSite=Lax Top-Level: ${ctx.cookies.get("cookie-lax-top-level")?.replace(/</g, '$lt;')}</p>
       <form method="POST">
         <label>Cookie value<br>
           <input type="text" name="cookie" />