'How to set Sec-fetch-site : none on POST requests?

I saw this header is set by user interaction- for example by writing manually the url in the url bar/bookmarks etc..

Any ideas to make a user initiated post request so this header will be passed? I have a vulnerable application to csrf only when this header is set. The request method is POST.

thanks in advance!

csrfsec-fetch-site


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

CookieCsrfTokenRepository allows the client to create its own Csrf Tokens

Apparently Random Error: "Antiforgery token validation failed. The antiforgery cookie token and request token do not match."

Zend framework 2 - csrf regenerates on refresh

What is the point of X-CSRF-TOKEN or X-XSRF-TOKEN, why not just use a strict same site cookie?

CSRF token is not set when first accessing Laravel Application on shared hosting (419 Page Expired)

HTTP Error 418 (Teapot Error) on Link to FlightRadar24 When Server on Localhost

Configuring CSRF tokens with apollo client and graphene-django

Django app runs locally but I get CSRF verification failed on Heroku

Jenkins - No valid crumb was included in request

How to use insomnia with django?

How to resolve XSRF Cross-Site Request Forgery (CSRF) in API controller after SAST Checkmarx

Firefox CSRF token issue on the request

Which mechanism to use for CSRF token handling with spring security

Forbidden (403) CSRF verification failed. Request aborted. Reason given for failure: Origin checking failed does not match any trusted origins

CSRF throwing 403 only in cloud