CSRF - yibinericxia/documents GitHub Wiki

Apply "SameSite"

Add `SameSite=strict` to the session cookie's attributes and send it in the `Set-Cookie` response header, so the browser withholds the cookie on cross-site requests.

CSRF Token

  • Generation:

  • Implementation: Transmit the CSRF token in a hidden field of a form that is submitted via POST, and reject any POST whose token does not match the one stored for the session.
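Added example (not code from the wiki) that puts both mitigations together with Python's standard library: a `Set-Cookie` value carrying `SameSite=strict`, a per-session token generated with `secrets`, the hidden-field form, and the server-side check on POST. The in-memory `SESSIONS` dict, the cookie name `session` and the field name `csrf_token` are assumptions chosen for the example.

```python
import hmac
import secrets
from html import escape
from urllib.parse import parse_qs

# Constructed for this example: stands in for a server-side session backend,
# mapping session id -> the CSRF token issued to that session.
SESSIONS: dict[str, str] = {}


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie value for the session cookie with SameSite=strict,
    so browsers do not attach it to requests initiated from another site."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=strict"


def issue_csrf_token(session_id: str) -> str:
    """Generate an unpredictable per-session token and remember it server-side."""
    token = secrets.token_urlsafe(32)  # URL-safe, so it survives form encoding as-is
    SESSIONS[session_id] = token
    return token


def render_form(token: str) -> str:
    """Embed the token in a hidden field of a form that is submitted via POST."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{escape(token, quote=True)}">'
        '<input type="submit" value="Send">'
        "</form>"
    )


def verify_csrf(session_id: str, form_body: str) -> bool:
    """Compare the submitted hidden field with the token stored for the session.
    Missing session, missing field or mismatch all fail; compare in constant time."""
    expected = SESSIONS.get(session_id)
    submitted = parse_qs(form_body).get("csrf_token", [None])[0]
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected, submitted)
```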
