Missing CSRF middleware

**Describe the bug**
Websites that rely on cookie-based authentication may be vulnerable to cross-site request forgery (CSRF). Specifically, a state-changing request should include a secret token so the request can't be forged by an attacker. Otherwise, unwanted requests can be submitted on behalf of a user who visits a malicious website.

** Recommendation **
Use a middleware package such as `csurf` to protect against CSRF attacks.

**Additional context**
[Security Alert](https://github.com/thirionlogan/nu-leaf/security/code-scanning/3?query=ref%3Arefs%2Fpull%2F32%2Fmerge)
- OWASP: [Cross-Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF))
- Common Weakness Enumeration: [CWE-352](https://cwe.mitre.org/data/definitions/352.html).


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Missing CSRF middleware #33

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Missing CSRF middleware #33

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions