Current CSRF protection doesn't tie the token to a session, so it can be bypassed. We need to pass the request session context into the template to generate a safe CSRF protection token that can be later validated by middleware against the same session.
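One way to bind the token to the session, as an added example that is not this project's code: the token is a random nonce plus an HMAC-SHA256 over the session id and the nonce, so middleware accepts it only for the session it was issued to. The names `SECRET_KEY`, `issue_csrf_token` and `validate_csrf_token`, and the token layout, are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment server-side secret that never reaches a template.
SECRET_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the session id so distinct (session_id, nonce) pairs
    # can never serialize to the same MAC input.
    msg = f"{len(session_id)}:{session_id}:{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Template side: requires the session id of the request being rendered."""
    if not session_id:
        raise ValueError("no session: cannot issue a session-bound token")
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def validate_csrf_token(session_id: str, token: str) -> bool:
    """Middleware side: recompute the MAC under the *current* session id."""
    if not session_id or not isinstance(token, str):
        return False
    nonce, sep, mac = token.partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = _mac(session_id, nonce)
    # Compare as bytes in constant time; bytes also tolerate non-ASCII input.
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed sample session ids.
    token = issue_csrf_token("session-A")
    print("same session:", validate_csrf_token("session-A", token))
    print("other session:", validate_csrf_token("session-B", token))
```

A token that is valid for one session is rejected when submitted under any other session id, which is the property the unbound token lacks.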