top | item 46384299 (no title) NorwegianDude | 2 months ago It's not a wrong solution. It's been commonly used since forever, tens of years before the sec-fetch-site header existed, and it stops CSRF. Sec-fetch-site is not supported in old browsers, so relying on that is unsafe without any fallbacks. discuss order hn newest No comments yet.
No comments yet.