by aj3
1806 days ago
It's not FUD. There are protections, but CSRF tokens are a workaround while these headers are more akin to a proper solution. Also, it won't magically make CSRF obsolete, the same way the Origin header and CORS didn't make CSRF obsolete, but it's another tool in the appsec toolbox.