Hacker News
by anaxag0ras 2214 days ago
CSRF attacks can be prevented using same-site policy with cookies.
1 comment

That is true, but it will not protect against all forms of CSRF; for example, you'll be vulnerable if you have user-generated content that's not sanitized properly. On the refresh_token cookie I have sameSite and httpOnly set.
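
The limit described in the reply, as an added example that is not part of the thread: a simplified model of how a browser decides whether to attach a SameSite cookie, run over constructed requests. The hosts (`app.example`, `other.example`), the endpoint path and the two-label definition of "site" are assumptions made for illustration.

```javascript
// Added example: simplified model of a browser's SameSite cookie decision.
// Assumption: "site" = scheme + last two host labels; real browsers use the
// Public Suffix List to find the registrable domain.
function siteOf(url) {
  const u = new URL(url);
  return u.protocol + '//' + u.hostname.split('.').slice(-2).join('.');
}

function isSameSite(initiatorUrl, targetUrl) {
  return siteOf(initiatorUrl) === siteOf(targetUrl);
}

const SAFE_METHODS = ['GET', 'HEAD', 'OPTIONS', 'TRACE'];

// Would the browser attach a cookie with this SameSite value to the request?
// req: { initiator, target, method, topLevelNavigation }
function cookieAttached(sameSite, req) {
  // Same-site requests carry the cookie whatever the attribute says,
  // including requests triggered by markup a user posted on that site.
  if (isSameSite(req.initiator, req.target)) return true;
  switch (sameSite) {
    case 'Strict': return false;
    case 'Lax': return req.topLevelNavigation && SAFE_METHODS.includes(req.method);
    case 'None': return true; // browsers accept None only together with Secure
    default: throw new Error('unknown SameSite value: ' + sameSite);
  }
}

// Constructed sample requests against a hypothetical refresh endpoint.
const TARGET = 'https://app.example/api/refresh';
const SAMPLE_REQUESTS = {
  crossSitePost: { initiator: 'https://other.example/page', target: TARGET, method: 'POST', topLevelNavigation: false },
  crossSiteLink: { initiator: 'https://other.example/page', target: TARGET, method: 'GET', topLevelNavigation: true },
  userContentPage: { initiator: 'https://app.example/posts/42', target: TARGET, method: 'POST', topLevelNavigation: false },
  siblingSubdomain: { initiator: 'https://files.app.example/u/1.html', target: TARGET, method: 'POST', topLevelNavigation: false },
};

// Map each sample request name to true/false for the given SameSite value.
function attachedMatrix(sameSite) {
  const out = {};
  for (const [name, req] of Object.entries(SAMPLE_REQUESTS)) {
    out[name] = cookieAttached(sameSite, req);
  }
  return out;
}

console.log('Strict', attachedMatrix('Strict'));
console.log('Lax', attachedMatrix('Lax'));
```

The `userContentPage` and `siblingSubdomain` rows stay `true` under every SameSite value, which is why state-changing endpoints still need a server-side anti-CSRF token and properly sanitized user content.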