madelson
> The x-ms-client-request-id is getting altered after the request is being sent.

@amnguye I'm not sure I understand what you mean by "altered". Here's my understanding of what happens with...
> The SDK will send the request with ID = 2, the proxy sees the cache hit and responds with a cached response with ID = 1. The SDK compares...
Fair enough. Thanks for taking the time to understand our pain point and I appreciate your consideration of the options.
Can the code be changed to [follow the guidance from the MSFT docs](https://learn.microsoft.com/en-us/dotnet/api/system.net.sockets.socket.connected?view=netstandard-2.0) for checking connected? ``` // .Connect throws an exception if unsuccessful client.Connect(anEndPoint); // This is how you...
I’m early in exploring this repo but looking for the same capability. I think maybe it can be done with the methods that load from a TextReader: ` using TextReader...
Thanks for your detailed answer @advename ! **I still have two questions**, though:

> Therefore, SameSite=Lax by itself provides insufficient security against CSRF attacks.

(1) I'm not following how you...
> Ask yourself: can you say with 100% confidence that all GET endpoints in your application have no exceptions? What if a junior developer or even a senior developer, who...
> Client side XMLHttpRequest libraries such as [axios](https://axios-http.com/docs/intro) allow you to manage these things automatically

Agreed this seems like the way to go. I still can't _force_ devs to use...
> With stateless patterns, like the Double Submit, you send the token in a cookie, which is part of the HTTP Header, making it not vulnerable to the BREACH attack....
> I recently found an additional method to bypass the SameSite cookie attribute or Referer validation when a website has an "Open Redirect"

@advename this still relies on sensitive, state-changing...