CSRF is really dead (scotthelme.co.uk)
10 points by UkiahSmith on Sept 7, 2019 | 3 comments


As a website owner, I’m glad to hear this. But I’m still going to do CSRF tokens for the foreseeable future, because it’s going to take a long time before even half of all users are on a browser that is secure by default. And the ones who aren’t on the latest browser are also the least security-aware and are most susceptible to cross-site forgery.


Does this mean no more CSRF tokens?


Eventually, a long time from now, yes. But it will be a long time before everyone has a browser that is safe by default.



