• gornius@lemmy.world
    link
    fedilink
    arrow-up
    21
    ·
    1 year ago

    Then again, cookie auth is vulnerable to CSRF. Pick your poison.

    Although CSRF protection just adds a minor inconvenience, while there is never a guarantee your code is XSS vulnerability free.