throwaway63839·vor 7 Jahren·discussNot true. Using samesite cookie attribute prevents CSRF through IMG tags. (On browsers that support samesite, i.e. most browsers.)