Add built-in CSRF protection using Sec-Fetch-Site header

This commit is contained in:
Sharoon Thomas 2025-12-17 02:44:19 +00:00
parent 2579ce9f18
commit 54aaa01eb5
7 changed files with 525 additions and 20 deletions

View file

@ -3,6 +3,9 @@ Version 3.2.0
Unreleased
- Add built-in CSRF protection using ``Sec-Fetch-Site`` header with
``Origin`` fallback. Controlled by ``CSRF_PROTECTION`` config and
``csrf_protection`` route parameter. :issue:`5863`
- Drop support for Python 3.9. :pr:`5730`
- Remove previously deprecated code: ``__version__``. :pr:`5648`
- ``RequestContext`` has merged with ``AppContext``. ``RequestContext`` is now