ATProto Browser
Experimental browser for the Atmosphere
Experimental browser for the Atmosphere
In which I survey CSRF countermeasures and existing Go libraries and propose we add CrossOriginForgeryHandler to net/http to solve this once and for all. Turns out there is no need for tokens or keys in 2025! Browsers just send a This-Is-CSRF header now. (Sort of.) https://github.com/golang/go/iss
May 7, 2025, 4:36 PM
{
"uri": "at://did:plc:x2nsupeeo52oznrmplwapppl/app.bsky.feed.post/3loltfoh7ut2y",
"cid": "bafyreigcrbyw6qrelmnnwajubzo6syxfcnv7r4j62mxzbeootvjplzeb4q",
"value": {
"text": "In which I survey CSRF countermeasures and existing Go libraries and propose we add CrossOriginForgeryHandler to net/http to solve this once and for all.\n\nTurns out there is no need for tokens or keys in 2025! Browsers just send a This-Is-CSRF header now. (Sort of.)\n\nhttps://github.com/golang/go/iss",
"$type": "app.bsky.feed.post",
"langs": [
"en"
],
"facets": [
{
"index": {
"byteEnd": 309,
"byteStart": 268
},
"features": [
{
"uri": "https://github.com/golang/go/issues/73626",
"$type": "app.bsky.richtext.facet#link"
}
]
}
],
"createdAt": "2025-05-07T16:36:54.402Z"
}
}