I am currently in the development phase of my project, where the client (React) is hosted at localhost:3000, and the server (Laravel) is hosted at localhost:8000. I'm implementing CSRF protection, and I'm curious about its effectiveness in a setup where the client and server are on separate servers and I'm using PAT token-based authentication instead of a session-based one.
Do CSRF tokens work effectively in such a scenario?
If they do, what steps should I take to ensure CSRF protection functions properly in my specific setup?
I appreciate any insights or guidance!