datasette PR #2689: Replace token-based CSRF with Sec-Fetch-Site header protection
The Datasette project replaced traditional CSRF token mechanisms with the Sec-Fetch-Site request header, signaling a cleaner, developer-friendlier web security practice gaining mainstream traction.
Simon Willison · Apr 15, 2026