Ben/RubHub - issues/2025-12-25-19-05-13-801-simplify-csrf-protection/2025-12-25-19-05-13-801-ben.md

Ben Create issue: Switch to single process / multi-thread model edaa030 1 month ago 55 Commits

Raw Source

text/markdown • 363 B • 8 lines

date: 2025-12-25T19:05:13.801993361Z
author: ben
email: bennyschulenburg@gmx.de
title: Simplify CSRF protection

While researching it some more it seems that using SameSite=lax and making sure that only POST requests change state should be enough, additionally I might check for Sec-Fetch-Site and referrer headers and block the request if the value wrong

Ben / RubHub