From 8fd9997a47ef68ea867dfba6731a240a661be057 Mon Sep 17 00:00:00 2001 From: Marcus Hert Da Coregio Date: Mon, 17 Jun 2024 08:12:54 -0300 Subject: [PATCH] Remove outdated note Closes gh-15263 --- docs/modules/ROOT/pages/features/exploits/csrf.adoc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/docs/modules/ROOT/pages/features/exploits/csrf.adoc b/docs/modules/ROOT/pages/features/exploits/csrf.adoc index 4e29c91195..28a1903e5f 100644 --- a/docs/modules/ROOT/pages/features/exploits/csrf.adoc +++ b/docs/modules/ROOT/pages/features/exploits/csrf.adoc @@ -208,11 +208,6 @@ The user receives an email at https://email.example.org that includes a link to If the user clicks on the link, they would rightfully expect to be authenticated to the social media site. However, if the `SameSite` attribute is `Strict`, the cookie would not be sent and so the user would not be authenticated. -[NOTE] -==== -We could improve the protection and usability of `SameSite` protection against CSRF attacks by implementing https://github.com/spring-projects/spring-security/issues/7537[gh-7537]. -==== - Another obvious consideration is that, in order for the `SameSite` attribute to protect users, the browser must support the `SameSite` attribute. Most modern browsers do https://developer.mozilla.org/en-US/docs/Web/HTTP/headers/Set-Cookie#Browser_compatibility[support the SameSite attribute]. However, older browsers that are still in use may not.
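Review bot: the commit message calls the note outdated but neither it nor the hunk says why, and the text being deleted points readers at https://github.com/spring-projects/spring-security/issues/7537[gh-7537]; please state in the message whether gh-7537 was implemented or closed without action, so that `git log`/`blame` on csrf.adoc explains why the suggested improvement no longer applies rather than leaving a dangling reference to a removed paragraph. The deletion itself is consistent (five `-` lines, `@@ -208,11 +208,6 @@`, one blank line retained between "the user would not be authenticated." and "Another obvious consideration"), so no reflow is needed. One follow-up to consider: with the `[NOTE]` gone, the paragraph describing the `Strict` login-link problem now offers no path forward at all; a sentence pointing at `SameSite=Lax`, which still sends the cookie on a top-level GET navigation such as the email link in the example, would close that gap.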