A colleague of my pointed to this article from the dropbox's techblog about CSRF [1]. But a search through HN returned no discussion about it despite have been posted 3 times in the last couple of month. Interestingly enough another post from another website [2] on the same topic, got the exact same attention.
[1] https://blogs.dropbox.com/tech/2017/03/preventing-cross-site-attacks-using-same-site-cookies/ [2] https://www.netsparker.com/blog/web-security/same-site-cookie-attribute-prevent-cross-site-request-forgery/