CSRF: Signed Double Submit Cookie & ‘Referer’ validation vs MITM and vulnerable subdomains
I have been researching various techniques for preventing CSRF attacks, such as SOP, SameSite, Secure, Referer validation, and CSRF Tokens, and their potential bypasses. During my research, I discovered the following vulnerabilities: