I have CSRF protection implemented server side, can I safely use `SameSite=None; Secure; HttpOnly`?
We have a web service where GET is always safe and all unsafe POST requests use single-use CSRF tokens. We have some cases where cross-origin domain would need to pass us POST request with data that should be used with currently active use… Continue reading I have CSRF protection implemented server side, can I safely use `SameSite=None; Secure; HttpOnly`?