A cookie-based web app receives POSTs from another origin. What’s the most appropriate protection?
Enable Access-Control-Allow-Origin: *
Rely on CORS preflight alone
Use framework CSRF tokens (per-form) and validate Origin/Referer
Set SameSite=None on cookies to simplify cross-site requests
This question is part of this quiz:
Cyber Quiz Day 37