Closed niftylettuce closed 4 years ago
per https://scotthelme.co.uk/csrf-is-dead/ and since expressjs/cookies supports same site, we should probably set sameSite: true by default?
sameSite: true
per https://scotthelme.co.uk/csrf-is-dead/ and since expressjs/cookies supports same site, we should probably set
sameSite: trueby default?