Files
fizzy/app/controllers
Rosa Gutierrez 7f5fa6d715 Use Sec-Fetch-Site exclusively for CSRF protection
And close the gap with JSON requests, which shouldn't be allowed if
Sec-Fetch-Site is 'cross-site' or 'none', only if it's empty as this
wouldn't be coming from a browser.
2025-12-12 18:37:32 +01:00
..
2025-12-02 11:18:46 -05:00
2025-12-10 15:05:13 +01:00
2025-09-22 12:55:19 +02:00
2025-12-10 15:13:35 +01:00
2025-11-03 15:27:12 +01:00
2025-11-29 11:46:09 +01:00
2025-12-12 08:58:52 +00:00
2025-11-18 15:48:40 +01:00
2025-12-11 11:20:43 +00:00