Goodbye CSRF - SameSite to the rescue! I wasn’t aware of the forthcoming SameSite attribute for cookies—sounds very sensible indeed.