Yes, that's very true.
But what stops the attacker from retrieving a fresh CSRF token using the /csrf-cookie endpoint? Are there security measures in place?
If they gain access to the cookies, then yes. The whole point is just adding more layers of security and following all recommendations and best practices.