InfoSecVulnerabilities Did default SameSite:Lax put the nail in the coffin for CSRF? Mostly, but not always!
