- date
- 2025-12-25T19:05:13.801993361Z
- author
- ben
- bennyschulenburg@gmx.de
- title
- Simplify CSRF protection
While researching it some more, it seems that using SameSite=lax and making sure that only POST requests change state should be enough. Additionally, I might check for Sec-Fetch-Site and referrer headers and block the request if the value is wrong.
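
The header checks described in this message, sketched as an added Python example (not code from this change). The function names, the lower-cased header dict, the `https://app.example` origin and the choice to reject state-changing requests that carry none of the headers are assumptions.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # handlers for these must never change state


def origin_of(url):
    """Return (scheme, host, port) for an absolute URL, or None if it cannot be parsed."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return (parts.scheme, parts.hostname, port or {"http": 80, "https": 443}[parts.scheme])


def allow_request(method, headers, own_origin):
    """Decide whether a request may reach a handler.

    headers: dict keyed by lower-case header name.
    own_origin: the site's own origin, e.g. "https://app.example" (assumed value).
    """
    if method.upper() in SAFE_METHODS:
        return True  # safe methods pass; SameSite=Lax still sends the cookie on these
    site = headers.get("sec-fetch-site")
    if site is not None:
        # "same-origin": sent by our own pages. "none": user-initiated (typed URL, bookmark).
        # "same-site" and "cross-site" are blocked, so a sibling subdomain cannot post here.
        return site in ("same-origin", "none")
    # Browser without Fetch Metadata: fall back to Origin, then Referer.
    source = headers.get("origin") or headers.get("referer")
    if source is None:
        return False  # assumption: strict policy, nothing to verify means block
    src = origin_of(source)
    return src is not None and src == origin_of(own_origin)


if __name__ == "__main__":
    own = "https://app.example"
    # Constructed sample requests, not captured traffic.
    samples = [
        ("POST", {"sec-fetch-site": "same-origin"}),
        ("POST", {"sec-fetch-site": "cross-site"}),
        ("POST", {"referer": "https://app.example.other.test/form"}),
        ("GET", {"sec-fetch-site": "cross-site"}),
    ]
    for method, hdrs in samples:
        print(method, hdrs, "->", "allow" if allow_request(method, hdrs, own) else "block")
```

Comparing parsed origins rather than string prefixes is what keeps a Referer such as `https://app.example.other.test/` from passing the fallback check.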