withastro / roadmap

Ideas, suggestions, and formal RFC proposals for the Astro project.

290 stars 29 forks source link

CSRF Protection #471 #811

Closed ematipico closed 4 months ago

ematipico commented 7 months ago

Accepted Date: 2024-01-10
Reference Issues/Discussions: https://github.com/withastro/roadmap/discussions/471
Author: @FredKSchott
Champion(s): @ematipico
Implementation PR:

Summary

Provide the infrastructure to protect Astro websites from CSRF attacks

Background & Motivation

Most background is available here: https://owasp.org/www-community/attacks/csrf

Astro should provide some level of security to users.

Goals

Add the required checks to prevent CSRF, probably via an option

Non-Goals

Give the users the possibility to customise the implementation of the protection

ematipico commented 4 months ago

Closing. Stage 3: https://github.com/withastro/roadmap/pull/879