Alex Edwards: A modern approach to preventing CSRF in Go
Have we finally reached the point where CSRF attacks can be prevented without relying on a token-based check (like double-submit cookies)? Can we build secure web applications without bringing in third-party packages like justinas/nosurf or gorilla/csrf?
And I think the answer now may be a cautious “yes” — so long as a few important conditions are met.
This looks interesting, and I like how this middleware is included in the standard library. Filing this to look at later.
Via: Simon Willison