Y
Hacker News
new
|
ask
|
show
|
jobs
by
olalonde
2480 days ago
This is what cookies are for. No one will be using CSRF tokens once cookies are fixed (e.g. SameSite is widely supported). "Just passing a state-key around" is not mutually exclusive with "being an ugly hack".