feat: add automatic CSRF protection for action calls
released this 2026-02-06 21:17:41 +00:00 | 46 commits to main since this release

Generate a per-context CSRF token (128-bit, crypto/rand) and inject it
as a Datastar signal (via-csrf) alongside via-ctx. Validate with
constant-time comparison on /_action/{id} before executing, returning
403 on mismatch. Transparent to users since Datastar sends all signals
automatically.

Closes #9
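
The check described in this release, sketched as an added Go example (not the project's own code). The in-memory `tokens` store, the function names and the JSON body shape carrying `via-ctx` and `via-csrf` are assumptions.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"encoding/json"
	"net/http"
	"sync"
)

// Signals Datastar posts with each action call (JSON body shape is assumed).
type signals struct {
	Ctx  string `json:"via-ctx"`
	CSRF string `json:"via-csrf"`
}

var tokens sync.Map // context id -> CSRF token (hypothetical in-memory store)

// issueToken creates a 128-bit token from crypto/rand for one context.
func issueToken(ctxID string) (string, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(b)
	tokens.Store(ctxID, tok)
	return tok, nil
}

// validCSRF rejects unknown contexts before the constant-time comparison.
func validCSRF(s signals) bool {
	want, ok := tokens.Load(s.Ctx)
	return ok && subtle.ConstantTimeCompare([]byte(s.CSRF), []byte(want.(string))) == 1
}

// actionHandler guards /_action/{id}: 403 on mismatch, before the action runs.
func actionHandler(run func()) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		var s signals
		if json.NewDecoder(r.Body).Decode(&s) != nil || !validCSRF(s) {
			http.Error(w, "invalid CSRF token", http.StatusForbidden)
			return
		}
		run()
		w.WriteHeader(http.StatusNoContent)
	}
}

func main() { _ = http.ListenAndServe("127.0.0.1:8080", actionHandler(func() {})) }
```

The explicit lookup failure matters: without it, a request naming an unknown context with an empty token would compare equal to an empty stored value.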