| ▲ | tptacek 3 hours ago | |
I mostly agree, but that's the logic OWASP uses to argue you should still be doing explicit tokens even if you're using SameSite and Sec-Fetch. | ||
| ▲ | tptacek 3 hours ago | |
I mostly agree, but that's the logic OWASP uses to argue you should still be doing explicit tokens even if you're using SameSite and Sec-Fetch. | ||