Bypassing CSRF Protections: A Double Defeat of the Double-Submit Cookie - David Johansson