Alice lia at loveisanalogue.info
Sat Jul 10 11:50:11 BST 2021
- - - - - - - - - - - - - - - - - - -
On 10 July 2021 11:27:34 BST, Alice <lia at loveisanalogue.info> wrote:
HTTP does suffer from the same problem - because cookies are sent
automatically.
I should have added: a recent (ish) addition to the HTTP protocol is the "SameSite" attribute to cookies, which prevents CSRF attacks. However not all browsers currently in circulation support it, so for the time being web developers still need to use CSRF tokens (or not rely on cookies, if using client side JavaScript)
:)Alice