> Some people like their sites to work with out javascript.
The 2020 solution to CSRF attacks is using `SameSite` cookies. That makes CSRF tokens obsolete. So if you can accept that old browsers may be vulnerable, you can just use `SameSite` cookies and be done with it.
The 2020 solution to CSRF attacks is using `SameSite` cookies. That makes CSRF tokens obsolete. So if you can accept that old browsers may be vulnerable, you can just use `SameSite` cookies and be done with it.