Files
fizzy/test/controllers
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
..
2025-11-24 12:04:33 +01:00
2025-12-10 15:13:35 +01:00
2025-06-24 13:26:37 +02:00
2025-11-21 15:30:14 +00:00