Add built-in CSRF protection using Sec-Fetch-Site header
This commit is contained in:
parent
2579ce9f18
commit
54aaa01eb5
7 changed files with 525 additions and 20 deletions
|
|
@ -3,6 +3,9 @@ Version 3.2.0
|
|||
|
||||
Unreleased
|
||||
|
||||
- Add built-in CSRF protection using ``Sec-Fetch-Site`` header with
|
||||
``Origin`` fallback. Controlled by ``CSRF_PROTECTION`` config and
|
||||
``csrf_protection`` route parameter. :issue:`5863`
|
||||
- Drop support for Python 3.9. :pr:`5730`
|
||||
- Remove previously deprecated code: ``__version__``. :pr:`5648`
|
||||
- ``RequestContext`` has merged with ``AppContext``. ``RequestContext`` is now
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue