I think you're correct here. Also, like POST-based CSRF, get-based CSRF is also ...

		airza on April 17, 2016 \| parent \| context \| favorite \| on: Preventing CSRF with the same-site cookie attribut... I think you're correct here. Also, like POST-based CSRF, get-based CSRF is also a solved problem (issue a param in the URL)