Are CSRFs Still a Thing?
What SameSite by default means for the future of CSRFs
Published in
3 min readAug 26, 2020
CSRF vulnerabilities happen when attackers can initiate forged state-changing requests from a foreign domain. This usually occurs because the user’s browser sends session cookies regardless of where the request originates from.