by lonelappde
2274 days ago
This API is a disaster. None is insecure, but Lax is private? Lax and Strict are adjectives. What are they even modifying? Not "SameSite"!
They are referring to "SameSiteRestriction" or something. Why not align with CS of CSRF as
AllowCrossSite, and values Always / OnUserRequest / Never?