On Sunday, 19 April 2020 23:11:59 UTC+2, Alex Heyden wrote:
>
> Django supports samesite on session cookies now, and it's on (set to lax)
> by default. Whether or not that completely covers your surface risk to CSRF
> attacks is a somewhat different question.
>

AFAIK they cannot happen. But I am not an expert in this area. Does somebody know if CSRF attacks can happen with SameSite=Lax cookies?
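An added illustration of the question above, not part of the original thread and not Django's code: a small model of the rule a browser applies when deciding whether to attach a cookie, following the SameSite semantics in the RFC 6265bis draft. The function names and the cross-site scenarios are constructed for this example, and whether a request counts as same-site is passed in as a boolean rather than computed.

```python
# Added illustration: models the browser-side rule for attaching a cookie
# according to its SameSite attribute (RFC 6265bis draft semantics).
# All names here are hypothetical; this is not Django or browser code.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}


def cookie_attached(samesite, same_site_request, top_level_navigation, method):
    """Return True if the browser would send the cookie on this request."""
    policy = samesite.lower()
    if policy not in {"strict", "lax", "none"}:
        raise ValueError(f"unknown SameSite value: {samesite!r}")
    # Same-site requests always carry the cookie; so does SameSite=None.
    if same_site_request or policy == "none":
        return True
    if policy == "strict":
        return False
    # Lax: a cross-site request carries the cookie only when it is a
    # top-level navigation that uses a safe method.
    return top_level_navigation and method.upper() in SAFE_METHODS


# Constructed cross-site request kinds: (label, top_level_navigation, method)
SCENARIOS = [
    ("top-level navigation, GET", True, "GET"),
    ("top-level form submission, POST", True, "POST"),
    ("subresource request, GET", False, "GET"),
    ("subresource request, POST", False, "POST"),
]


def lax_exposure():
    """Map each constructed cross-site request kind to whether a Lax cookie is sent."""
    return {
        label: cookie_attached("Lax", False, top, method)
        for label, top, method in SCENARIOS
    }


if __name__ == "__main__":
    for label, sent in lax_exposure().items():
        print(f"{'sent   ' if sent else 'blocked'}  {label}")
```

Under this model the only cross-site request that still carries a Lax session cookie is a top-level navigation with a safe method, so a view that changes state on GET is not covered by SameSite=Lax. Requests from another origin on the same site also carry the cookie, which is why Django's CSRF middleware stays relevant alongside the cookie setting.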

