frontend: proper CSRF protection
did:plc:cezmtk5bb4zipkps3abnjjl6 opened this 26d ago 0 comments
Currently the CSRF protection is pointless.
Tokens should be generated per session.
And once lustre actually supports it, `?csrf-token=" <> csrf_token` in `webserver.serve_html` should be replaced with the token in a meta tag.
As shown in the example.
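
An added example, not part of the original issue or the project's code: one way to issue a CSRF token per session and expose it in a meta tag rather than in the query string. It assumes the gleam_stdlib and gleam_crypto packages; the `Session` type, the function names and the session ids are hypothetical.

```gleam
// Added example, not the project's code. Session, new_session,
// csrf_meta_tag and verify_csrf are hypothetical names.
import gleam/bit_array
import gleam/bool
import gleam/crypto
import gleam/io

pub type Session {
  Session(id: String, csrf_token: String)
}

/// Generate the token once, when the session is created,
/// from 32 bytes of CSPRNG output.
pub fn new_session(id: String) -> Session {
  let token =
    crypto.strong_random_bytes(32)
    |> bit_array.base64_url_encode(False)
  Session(id: id, csrf_token: token)
}

/// Tag for the <head> of the served page. The client reads it and sends
/// the value back in a request header, so the token never appears in a URL.
/// base64url output contains only A-Z, a-z, 0-9, '-' and '_', so it is
/// safe inside the attribute without further escaping.
pub fn csrf_meta_tag(session: Session) -> String {
  "<meta name=\"csrf-token\" content=\"" <> session.csrf_token <> "\">"
}

/// Check a state-changing request against the token stored for this
/// session, using a constant-time comparison.
pub fn verify_csrf(session: Session, submitted: String) -> Bool {
  crypto.secure_compare(
    bit_array.from_string(session.csrf_token),
    bit_array.from_string(submitted),
  )
}

pub fn main() {
  // Constructed sample sessions.
  let first = new_session("session-a")
  let second = new_session("session-b")
  io.println(csrf_meta_tag(first))
  // A session's own token verifies; a token issued to another session does not.
  io.println(bool.to_string(verify_csrf(first, first.csrf_token)))
  io.println(bool.to_string(verify_csrf(first, second.csrf_token)))
}
```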