home / docs / sections

sections: changelog:csrf-protection

This data as json

id page ref title content breadcrumbs references
changelog:csrf-protection changelog csrf-protection CSRF protection Since writable canned queries are built using POST forms, Datasette now ships with CSRF protection ( #798 ). This applies automatically to any POST request, which means plugins need to include a csrftoken in any POST forms that they render. They can do that like so: <input type="hidden" name="csrftoken" value="{{ csrftoken() }}"> ["Changelog", "0.44 (2020-06-11)"] [{"href": "https://github.com/simonw/datasette/issues/798", "label": "#798"}]
Powered by Datasette · Queries took 1.398ms