New posts in Csrf

CSRF with JSON POST when Content-Type must be application/json

Do I need CSRF token if I'm using Bearer JWT?

Setting Same-Site cookie attribute to Lax

Should I use CSRF protection on Rest API endpoints?

Is checking the Referer and Origin headers enough to prevent CSRF, provided that requests with neither are rejected?

CSRF in microservice architecture

security issues in JWT storage

How to handle CSRF protection in a single page application?

How does sending referrer HTTP headers protect against CSRF attacks?

Send a CSRF attack with a specific header referrer?