wisp icon indicating copy to clipboard operation
wisp copied to clipboard

Published 20 hours ago • verified publisher icon gleam-wisp

CSRF protection

Open lpil opened this issue 11 months ago • 2 comments

We want to provide CSRF protection so the programmer does not have to worry about how to implement this security requirement.

Are CSRF tokens still required? Or are SameSite cookie (possibly combined with origin header checking?) enough? The support for SameSite seems good: https://caniuse.com/?search=SameSite

Perhaps CSRF tokens could be a third party library which can be used by teams that need to support older browsers.

lpil avatar Aug 06 '23 09:08 lpil