feat: implement CSRF protection across forms and routes

2026-05-09 22:09:19 +02:00
parent e8874f9220
commit d89d373a91
14 changed files with 147 additions and 8 deletions
--- a/crates/presentation/src/routes.rs
+++ b/crates/presentation/src/routes.rs
@@ -140,6 +140,7 @@ fn html_routes(rate_limit: u64) -> Router<AppState> {
            "/users/{id}/feed.rss",
            routing::get(handlers::rss::get_user_feed),
        )
+        .layer(middleware::from_fn(crate::csrf::csrf_middleware))
 }

 fn api_routes(rate_limit: u64) -> Router<AppState> {