This post covers the sameSite cookie attribute that's touted to be the killer of csrf attacks. https://scotthelme.co.uk/csrf-is-dead/