I was thinking more about the unsubscribe footer links still very common in emails.
I don’t think CSRF has anything to do with those?
The endpoints serving those links can't be protected as well. Unless they serve a form that posts, which may not be legal if it requires extra clicks
I don’t think CSRF has anything to do with those?
The endpoints serving those links can't be protected as well. Unless they serve a form that posts, which may not be legal if it requires extra clicks