Are CSRFs Still a Thing?

What SameSite by default means for the future of CSRFs

Photo by Mak on Unsplash.

CSRF vulnerabilities happen when attackers can initiate forged state-changing requests from a foreign domain. This usually occurs because the user’s browser sends session cookies regardless of where the request originates from.