{"ok": true, "database": "docs", "table": "sections", "rows": [{"id": "upgrade_guide:security-properties", "page": "upgrade_guide", "ref": "security-properties", "title": "Security properties", "content": "For defense-in-depth the  ds_actor  and  ds_messages  cookies continue to be set with  SameSite=Lax  (Datasette's long-standing default). This means a genuine cross-site POST from an attacker's page would arrive without the user's authentication cookie even if the header check somehow failed.", "breadcrumbs": "[\"Upgrade guide\", \"Datasette 1.0a20 plugin upgrade guide\", \"CSRF protection is now header-based\"]", "references": "[]"}], "primary_keys": ["id"], "primary_key_values": ["upgrade_guide:security-properties"], "query_ms": 5.172744000446983, "truncated": false}