|
|
|
|
|
|
by NorwegianDude
178 days ago
|
|
|
It's not a wrong solution. It's been commonly used since forever, tens of years before the sec-fetch-site header existed, and it stops CSRF. Sec-fetch-site is not supported in old browsers, so relying on that is unsafe without any fallbacks. |
|
|