Hacker News
by aj3 1810 days ago
CSRF tokens have overhead and they have to be implemented for all inputs, which isn't trivial (judging by the amount of CSRF-related vulnerabilities disclosed in HackerOne reports). I think the intention here is to make cross-site requests stand out so that they can be dealt with in a more streamlined/uniform fashion.
1 comments

Perhaps as a fallback for when somebody forgets to use a token for an input. Thanks!