datasette PR #2689: Replace token-based CSRF with Sec-Fetch-Site header protection
The Datasette project replaced traditional CSRF token mechanisms with the Sec-Fetch-Site request header, signaling a cleaner, developer-friendlier web security practice gaining mainstream traction.
Simon Willison · 2026-04-14T23:58:53+00:00