Is a static SameSite cookie enough to protect against CSRF?
Conventional wisdom to prevent CSRF is to use CSRF tokens, but with the new cookie attributes and prefixes, do you even need to generate/save tokens at all?
I’ve had the thought that if I just set a cookie with a static value, I can simply…