GitHub

Add CSRF protection and improve session handling

Why: Forms (login, edit, delete) lack CSRF tokens and sessions may be vulnerable to fixation. Adding CSRF tokens and session best-practices reduces attack surface. What to do: Implement CSRF tokens ...
GitHub

Missing csrf token middleware on creating route

Plugin is not adding csrf token in the middlewares. As a result when custom page is set as a homepage of the forum it's causing troubles with the missing csrf token (also if user will refresh the page ...