DEV Community


Discussion on: A Guide to Securing Node.js Applications

Warren Parad

If you are using REST APIs to secure content and not sending it back as part of an SSR, then those bypasses don't apply, since it isn't secure to send content back as part of page navigation anyway. CSRF can entirely be replaced by SameSite.