Am Sonntag, 19. April 2020 23:11:59 UTC+2 schrieb Alex Heyden: > > Django supports samesite on session cookies now, and it's on (set to lax) > by default. Whether or not that completely covers your surface risk to CSRF > attacks is a somewhat different question. > > AFAIK they can not happen. But I am not an expert in this area. Does somebody know if CSRF attacks can happen with SameSite=Lax cookies?
> >> -- You received this message because you are subscribed to the Google Groups "Django users" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-users/84e032ab-f78b-41f8-879f-38e623269910%40googlegroups.com.
