This data as json
|648421105||MDU6SXNzdWU2NDg0MjExMDU=||877||Consider dropping explicit CSRF protection entirely?||9599||open||0||8||2020-06-30T19:00:55Z||2020-07-01T19:12:16Z||OWNER||
https://scotthelme.co.uk/csrf-is-dead/ from Feb 2017 has background here. The
Datasette already uses
A few options then. I could ditch CSRF protection entirely. I could make it optional - turn it off by default, but let users who care about that remaining 7.87% of global users opt back into it.
One catch: login CSRF: I don't see how