throwaway63839·قبل 7 سنوات·discussNot true. Using samesite cookie attribute prevents CSRF through IMG tags. (On browsers that support samesite, i.e. most browsers.)