The end of CSRF?

The “The end of CSRF?” blog post talks about the new feature coming to browsers – SameSite cookie enforcement, which will help in getting rid of Cross-Site Request Forgery (CSRF) attacks. Too bad this is currently only supported by Google Chrome (both desktop and mobile) and Opera. But I’m sure it’s coming soon to the rest of the browsers.

Update: It looks like the above blog post is almost a copy of this blog post, which has a number of useful comments, including this one, which links to the bug trackers of a variety of projects and programming languages requesting support for the SameSite cookie feature. Also, it looks like the SameSite cookie is superseded by the Cookie Prefix solution, proposed by Google.
