by sintaxi 3672 days ago
Yep, CSRF is a completely opt-in problem to have. There are pretty much zero (valid) reasons to need cookies anymore. Although I agree this spec is an improvement. Its main purpose should be to make legacy systems more secure. The best course of action would be to avoid cookies entirely.
1 comments

What are you proposing to replace cookies with? Auth tokens and XHR? Localstorage? Why?