by jefftk 889 days ago
If you authenticate users only via Same-Site=Strict cookies you're protected against CSRF in modern browsers: a cross-site request won't have the auth cookie.
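
One way to check the precondition in the comment above, that every cookie used for authentication is actually issued with `SameSite=Strict` (an added example, not part of the original comment). The function names, cookie names and header values are hypothetical, constructed for illustration.

```javascript
// Added example: audit Set-Cookie headers for the SameSite=Strict property.
// Function names, cookie names and header values are constructed sample data.

// Parse one Set-Cookie header value into { name, sameSite }.
// Attribute names are case-insensitive; if SameSite appears more than once,
// the last occurrence wins (RFC 6265bis attribute processing).
function parseSetCookie(header) {
  const parts = header.split(';');
  const nameValue = parts.shift();
  const eq = nameValue.indexOf('=');
  const name = (eq === -1 ? '' : nameValue.slice(0, eq)).trim();
  let sameSite = null; // null = attribute absent
  for (const part of parts) {
    const i = part.indexOf('=');
    const attr = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    const value = i === -1 ? '' : part.slice(i + 1).trim().toLowerCase();
    if (attr === 'samesite') sameSite = value;
  }
  return { name, sameSite };
}

// Return one finding for every auth cookie that is not SameSite=Strict.
function auditAuthCookies(setCookieHeaders, authCookieNames) {
  const wanted = new Set(authCookieNames);
  const findings = [];
  for (const header of setCookieHeaders) {
    const { name, sameSite } = parseSetCookie(header);
    if (!wanted.has(name)) continue;      // not an auth cookie
    if (sameSite === 'strict') continue;  // meets the precondition
    findings.push({
      name,
      sameSite,
      reason: sameSite === null
        ? 'SameSite attribute missing; enforcement is left to the browser default'
        : `SameSite=${sameSite} is not Strict`,
    });
  }
  return findings;
}

// Constructed sample response headers.
const sampleHeaders = [
  'session=abc123; Path=/; Secure; HttpOnly; SameSite=Strict',
  'remember=def456; Path=/; Secure; HttpOnly; samesite=lax',
  'api_token=ghi789; Path=/; Secure; HttpOnly',
  'theme=dark; Path=/',
];
console.log(auditAuthCookies(sampleHeaders, ['session', 'remember', 'api_token']));
```
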