|
|
|
|
|
|
by kokada
244 days ago
|
|
|
Exactly, the post talks about this too: older browsers will be vulnerable, this probably affects only a small amount of the population and it is even lower if you limit service to accept TLSv1.3 (for this to be useful you of course need to enable HTTPS otherwise the attacker can just strip the headers from your request). If you can't afford to do this you still need to use CSRF tokens. |
|
|