Web Application Security
Never use the GET method for Sensitive Actions in Web App: Ft. CSRF
The Limitation of Cookie’s “SameSite: Lax” Security
3 min read · Apr 28, 2024
Introduction
With the introduction of the default “SameSite: Lax” feature, developers can now enhance the security of their web applications significantly. The feature offers a robust defence mechanism against CSRF weaknesses, previously a major concern for developers. As a result, developers can now breathe a sigh of relief and…