Review CSRF middleware and `Sec-Fetch-Site` header

Note to self: [Hackernews](https://news.ycombinator.com/item?id=46351666) had this blog post posted.

* https://blog.miguelgrinberg.com/post/csrf-protection-without-tokens-or-hidden-form-fields
* https://words.filippo.io/csrf/
* https://github.com/rails/rails/pull/56350

see https://github.com/golang/go/blob/master/src/net/http/csrf.go  which was introduced in GO 1.25

Maybe there is something we can adopt?

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Review CSRF middleware and `Sec-Fetch-Site` header #2855

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Review CSRF middleware and Sec-Fetch-Site header #2855

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions

Review CSRF middleware and `Sec-Fetch-Site` header #2855