diff --git a/src/handlers/authentication.ts b/src/handlers/authentication.ts
index e137968..1ec3b1a 100644
--- a/src/handlers/authentication.ts
+++ b/src/handlers/authentication.ts
@@ -69,6 +69,7 @@ export const usePassport = function(app: any, prisma: PrismaClient): void {
 cookie: {
 maxAge: 1000 * 60 * 60 * 24 * 7, // ms
 secure: (NODE_ENV === 'production'), // Secure HTTPS cookies only in production
+ sameSite: "lax", // Bound the cookie to be sent only from self frontend (reduce exposurse to CSRF)
 },
 name: 'nl.codam.coalitions.session',
 proxy: (NODE_ENV === 'production'), // Trust the X-Forwarded-Proto header
diff --git a/src/main.ts b/src/main.ts
index 5e9cdbe..223b3c8 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -52,6 +52,9 @@ const main = async () => {
 // Set up the Express app
 const app = express();
 
+ // Adding size limit to json request (DoS); 10kb seems to be standard
+ app.use(express.json({ limit: "10kb" }));
+
 // Adding helmet
 app.use(helmet.contentSecurityPolicy({
 directives: {
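Review bot: The comment on the new `sameSite: "lax"` line overstates what Lax gives you: the browser still attaches the session cookie on cross-site top-level GET navigations, so any state-changing handler reachable by GET remains CSRF-exposed; only cross-site POST/fetch/iframe subrequests are blocked. Lax rather than Strict is presumably needed because the OAuth callback arrives as a redirect from the provider (a cross-site top-level navigation), which Strict would break — worth stating so nobody "hardens" it later. I would replace the comment with `sameSite: "lax", // Not sent on cross-site subrequests (POST/fetch/iframe), but still sent on top-level GET navigations — CSRF protection only holds if no GET route mutates state; Strict would break the OAuth redirect back to the callback`. The enclosing usePassport function and the session options object both extend beyond this hunk.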
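Review bot: The 10kb cap on `app.use(express.json({ limit: "10kb" }))` only applies to bodies this parser handles (`application/json`), so it is not a request-size limit: a `express.urlencoded()`, `multer`, or route-level `express.json()` mounted elsewhere in the file (not visible in this hunk) would keep its own default, and Express's default for these parsers is 100kb. Please confirm no other body parser is registered without an explicit limit, and note that oversized or malformed bodies now surface as 413/400 errors from this middleware, so the app's error handler should not echo stack traces in production. The comment "10kb seems to be standard" is not accurate either; I would write `// Cap JSON bodies well below express.json's 100kb default; routes that legitimately need more must mount their own parser with an explicit limit`. The enclosing main function starts before and continues after this hunk.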