Baldur Bjarnason

... works as a web developer in Hveragerði, Iceland, and writes about the web, digital publishing, and web/product development

These are his notes

“Exploring the SameSite cookie attribute for preventing CSRF”

In every project where I’ve set the SameSite setting to anything other than “none” Oauth-style logins have broken in at least one browser. 😑