
CSRF is really dead - UkiahSmith
https://scotthelme.co.uk/csrf-is-really-dead/
======
jedberg
As a website owner, I’m glad to hear this. But I’m still going to do CSRF
tokens for the foreseeable future, because it’s going to take _a long time_
before even half of all users are on a browser that is secure by default. And
the ones who aren’t on the latest browser are also the least security-aware
and are most susceptible to cross-site forgery.

------
hdfbdtbcdg
Does this mean no more CSRF tokens?

~~~
jedberg
Eventually, a long time from now, yes. But it will be a long time before
everyone has a browser that is safe by default.

