SameSite By Default in 2020?

Posted on October 28, 2019
Filed under: Development, Security, Testing 

In case you haven't seen, Cross-Site Request Forgery (CSRF) is getting significant protection by default in 2020. Currently, most protections need to be implemented explicitly. While some frameworks now include and check nonces by default (Razor Pages), you typically still need to explicitly check the nonce. This requires that the developers understand that ...