No, this won't defeat CSRF attacks. All this does is create a separate cache for... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

aembleton on Jan 26, 2021 | parent | context | favorite | on: Firefox 85 cracks down on supercookies

No, this won't defeat CSRF attacks.

All this does is create a separate cache for each site, so that they can't infer that a user has already been to another site. It makes no changes to POST/PUT/PATCH requests to an endpoint. They will still be going there.

arendtio on Jan 27, 2021 [–]

Okay, I thought it would also keep the browser from sending cookies/authentication data, it received via another origin.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact