Hacker News new | past | comments | ask | show | jobs | submit login

Yes. https://en.m.wikipedia.org/wiki/Cross-origin_resource_sharin...



CSRF works the same whether the site is served via HTTP or HTTPS. CSRF attacks the server from the client, so HTTPS doesn't protect from this. HTTPS is an end-to-end encrypted tunnel.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: