GitHub

xsrf.md

XSRF, Cross-Site Request Forgery, is an important security concern for web development. Beego has built in XSRF protection which assigns each user a randomized cookie that is used to verify requests.
GitHub

samesite set by Tomcat CookieProcessor ignored when creating XSRF-TOKEN cookie in CsrfTokenRepository

Prior to Spring Security 6, the CsrfTokenRepository used the response.addCookie in the saveToken method to add the XSRF-TOKEN cookie. In Spring-Security 6 it was changed to call response.addHeader ...