Do I still need CSRF protection when SameSite is set to Lax?
During a security assessment I noticed that Firefox automatically set the SameSite value of a session cookie to Lax. According to the Mozilla specs, this is the case for ‘modern browsers’.
The SameSite attribute set to Lax seems to protect…