Ola Lundqvist <o...@inguza.com> writes:

> I do not see how the SameSite attribute would help in this case. Or how do you
> mean that it would protect against this?

This is what the SameSite attribute was designed for: to protect against CSRF attacks. If a user clicks a link that creates a POST request to another site, then the cookie won't be transmitted from the browser and the user will not have any login session, so damaging stuff using the user's credentials is not possible.

--
Brian May <b...@debian.org>
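
The behaviour described in the reply above, as an added example that is not part of the original thread: a simplified JavaScript model of the browser's decision to attach a cookie, generalized to Strict, Lax and unset cookies. The site names, the `parseSetCookie`, `shouldAttach` and `evaluate` helpers, and the legacy treatment of cookies with no SameSite attribute are assumptions.

```javascript
// Added illustration, not code from the thread: a simplified model of the
// browser-side SameSite check. Sites and requests below are constructed.
// Assumption: a "site" string (scheme + registrable domain) is given directly;
// real browsers derive it with the Public Suffix List.
// Assumption: a cookie with no SameSite attribute gets the legacy behaviour
// (sent on every request); some current browsers default to Lax instead.

const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS", "TRACE"]);

// Extract the cookie name and its SameSite mode from a Set-Cookie header value.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const cookie = { name: pair.split("=")[0], sameSite: "unset" };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=").map((s) => s.trim().toLowerCase());
    if (key === "samesite" && ["strict", "lax", "none"].includes(value)) {
      cookie.sameSite = value;
    }
  }
  return cookie;
}

// Decide whether the browser attaches `cookie` to `req`.
function shouldAttach(cookie, req) {
  if (req.initiatorSite === req.targetSite) return true; // same-site: always sent
  if (cookie.sameSite === "strict") return false;
  if (cookie.sameSite === "lax") {
    return req.topLevelNavigation && SAFE_METHODS.has(req.method.toUpperCase());
  }
  return true; // "none" or unset (legacy model)
}

const APP = "https://app.example";
const OTHER = "https://other.example";
const REQUESTS = {
  crossSitePost: { method: "POST", initiatorSite: OTHER, targetSite: APP, topLevelNavigation: true },
  crossSiteLink: { method: "GET", initiatorSite: OTHER, targetSite: APP, topLevelNavigation: true },
  sameSitePost: { method: "POST", initiatorSite: APP, targetSite: APP, topLevelNavigation: true },
};

// Map each request name to whether the cookie from `setCookie` would be attached.
function evaluate(setCookie) {
  const cookie = parseSetCookie(setCookie);
  return Object.fromEntries(
    Object.entries(REQUESTS).map(([name, req]) => [name, shouldAttach(cookie, req)])
  );
}

console.log(evaluate("session=abc123; Secure; HttpOnly; SameSite=Lax"));
```

In this model the session cookie is withheld from the cross-site POST under both Lax and Strict, while a cookie with no SameSite attribute is still sent.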