Secure cookie flags + CSRF for our own POST forms (todo §4); SECURE_COOKIES toggle on session/CSRF cookies; csrf.ts signed double-submit token + body.ts form reader; logout is now a CSRF-guarded POST form

2026-06-18 11:12:32 +02:00
parent dec55f85a6
commit 4b2173cb84
21 changed files with 241 additions and 26 deletions
--- a/views/index.ejs
+++ b/views/index.ejs
@@ -17,6 +17,7 @@
  body: filters + table + pager,
  brand: model.shell.brand,
  breadcrumbs: model.shell.breadcrumbs,
+  csrfToken: model.shell.csrfToken,
  nav,
  theme: model.shell.theme,
  title: model.shell.title,