Security, SEO & AEO guides for developers who ship with AI — and want to ship safe.
CSRF still bites apps that lean entirely on cookies for auth. Here's how the attack works, why SameSite isn't a complete fix, and how to defend with tokens, headers, and double-submit.