Files
fizzy/app/controllers/concerns
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
..
2025-10-29 13:37:14 +01:00
2025-10-29 13:41:11 +01:00