SameSite cookies and Firefox sucking
Back in 2020, I stated:
So CSRF isn’t dead but only because people are still using old or stupid (Safari) browsers.
However, it turns out that Firefox doesn’t treat cookies as SameSite=Lax by default, and instead needs a flag to be set, effectively meaning Mozilla’s post in 2020 was fairly misleading.
Luckily, this doesn’t matter as Mozilla’s market share is fairly low now at 3.29%, so nothing is really affected.
To quote n-gate, Mozilla is winning the war against its own users.
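Since a cookie with no SameSite attribute gets whatever the browser's default is, a server-side check can flag the cookies that depend on it. The following is an added example, not code from the original post; the function names, finding codes and sample headers are constructed for illustration.

```javascript
// Added example: audit Set-Cookie header values for reliance on the
// browser's SameSite default. All names and sample data are constructed.

function auditSetCookie(headerValue) {
  const parts = headerValue.split(';').map((p) => p.trim()).filter(Boolean);
  const name = parts[0].split('=')[0];
  const attrs = new Map();
  for (const part of parts.slice(1)) {
    const eq = part.indexOf('=');
    const key = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    const value = eq === -1 ? '' : part.slice(eq + 1).trim().toLowerCase();
    attrs.set(key, value); // a repeated attribute overrides the earlier one
  }

  const findings = [];
  const sameSite = attrs.get('samesite');
  if (sameSite === undefined) {
    // Cross-site sending is decided by the browser default, which differs.
    findings.push('MISSING_SAMESITE');
  } else if (!['strict', 'lax', 'none'].includes(sameSite)) {
    // An unrecognised value falls back to the browser default as well.
    findings.push('INVALID_SAMESITE');
  } else if (sameSite === 'none' && !attrs.has('secure')) {
    // Browsers that enforce the newer rules reject None without Secure.
    findings.push('NONE_WITHOUT_SECURE');
  }
  return { name, sameSite: sameSite ?? null, findings };
}

// Return only the cookies that need attention.
function auditResponse(setCookieHeaders) {
  return setCookieHeaders.map(auditSetCookie).filter((r) => r.findings.length > 0);
}

// Constructed sample Set-Cookie values.
const sampleHeaders = [
  'session=abc123; Path=/; HttpOnly; Secure',
  'csrf=def456; Path=/; Secure; SameSite=Strict',
  'track=ghi789; Path=/; SameSite=None',
  'prefs=dark; SameSite=Laxx',
];

for (const r of auditResponse(sampleHeaders)) {
  console.log(`${r.name}: ${r.findings.join(', ')}`);
}
```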