
Use Fetch Metadata headers to prevent cross-origin attacks

1.9K views
Jul 5, 2023
13:36

In this video, I talk about Cross-Site Request Forgery (CSRF), how SameSite cookies can help protect against this attack but where they fall short, and how Fetch Metadata headers can offer a solution.

0:00 Intro
1:42 Demo application
2:12 Code walkthrough
3:54 CSRF
5:20 SameSite cookies
6:29 site vs origin
7:19 SameSite limitations
8:59 Fetch Metadata
11:00 Implementation
12:25 Demo
12:50 Conclusion
13:25 Outro

More info
Bypassing SameSite cookie restrictions: https://portswigger.net/web-security/csrf/bypassing-samesite-restrictions
Fetch metadata headers: https://web.dev/fetch-metadata/

Lukas Weichselbaum
Home: https://webappsec.dev/
LinkedIn: https://ch.linkedin.com/in/lweichselbaum
Twitter: https://twitter.com/we1x?s=20
