Go 1.25's CrossOriginProtection: A New Approach to CSRF Prevention
By todsacerdoti
Summary
The article discusses Go 1.25's new http.CrossOriginProtection middleware and explores whether it enables secure web applications without traditional CSRF token-based protection. The author examines if this eliminates the need for third-party packages like justinas/nosurf or gorilla/csrf, concluding with a cautious 'yes' provided certain important conditions are met.
Key quotes
Go 1.25 introduced a new http.CrossOriginProtection middleware to the standard library
Have we finally reached the point where CSRF attacks can be prevented without relying on a token-based check?
Can we build secure web applications without bringing in third-party packages like justinas/nosurf or gorilla/csrf?
And I think the answer now may be a cautious 'yes' — so long as a few important conditions are met.
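The quotes above describe the shift from token-based CSRF checks to a check driven by the browser's Sec-Fetch-Site and Origin headers, and the author's caveat that this only works "so long as a few important conditions are met". The following is an added example, not code from the article or from Go's standard library: it hand-implements the same header-based decision as a plain middleware so it runs on Go versions before 1.25 (in a 1.25 application you would instead wrap your mux with `http.NewCrossOriginProtection().Handler(mux)`). The hostnames `app.example.com`, `admin.example.com` and `evil.example`, the `/transfer` path and the `probe` helper are constructed for illustration. The cases in `main` make the conditions concrete: safe methods always pass, so a GET that changes state is still exploitable, and a request that carries neither header (a non-browser client) is also allowed through.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
)

// ErrCrossOrigin is returned for a state-changing request that the browser
// marked as coming from another site, or whose Origin does not match Host.
var ErrCrossOrigin = errors.New("cross-origin request rejected")

// checkCrossOrigin is a hand-written version of the header-based decision
// (illustration only, not Go 1.25's implementation): safe methods always pass,
// which is exactly why they must never change state; otherwise the browser's
// Sec-Fetch-Site header decides, and when that header is absent the Origin
// host is compared with the request Host. trusted lists whole origins
// (scheme://host) that are allowed to make cross-origin requests.
func checkCrossOrigin(r *http.Request, trusted map[string]bool) error {
	switch r.Method {
	case http.MethodGet, http.MethodHead, http.MethodOptions:
		return nil
	}
	origin := r.Header.Get("Origin")
	switch r.Header.Get("Sec-Fetch-Site") {
	case "same-origin", "none":
		return nil // same origin, or a user-initiated navigation (typed URL, bookmark)
	case "":
		// Older browser or non-browser client: fall back to the Origin check below.
	default:
		// "cross-site" and "same-site" (a sibling subdomain) are both rejected
		// unless the origin was explicitly trusted.
		if trusted[origin] {
			return nil
		}
		return ErrCrossOrigin
	}
	if origin == "" {
		return nil // no browser signal at all, e.g. curl or a server-to-server call
	}
	if u, err := url.Parse(origin); err == nil && u.Host == r.Host {
		return nil
	}
	if trusted[origin] {
		return nil
	}
	return ErrCrossOrigin
}

// crossOriginMiddleware rejects failing requests with 403 and otherwise passes through.
func crossOriginMiddleware(trusted map[string]bool, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if err := checkCrossOrigin(r, trusted); err != nil {
			http.Error(w, err.Error(), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends a constructed request through the middleware and returns the
// status code. The app behind it answers 204 for anything it receives.
func probe(method, secFetchSite, origin string) int {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	})
	h := crossOriginMiddleware(map[string]bool{"https://admin.example.com": true}, app)
	req := httptest.NewRequest(method, "https://app.example.com/transfer", nil) // Host = app.example.com
	if secFetchSite != "" {
		req.Header.Set("Sec-Fetch-Site", secFetchSite)
	}
	if origin != "" {
		req.Header.Set("Origin", origin)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	cases := []struct{ method, site, origin string }{
		{"POST", "cross-site", "https://evil.example"},       // classic CSRF: rejected
		{"POST", "same-site", "https://blog.example.com"},    // sibling subdomain: rejected
		{"POST", "cross-site", "https://admin.example.com"},  // explicitly trusted: allowed
		{"POST", "same-origin", ""},                          // normal form post: allowed
		{"GET", "cross-site", "https://evil.example"},        // safe method: allowed, so GET must not mutate
		{"POST", "", "https://evil.example"},                 // no Sec-Fetch-Site, Origin mismatch: rejected
		{"POST", "", ""},                                     // no browser signal at all: allowed
	}
	for _, c := range cases {
		fmt.Printf("%-4s Sec-Fetch-Site=%-13q Origin=%-28q -> %d\n",
			c.method, c.site, c.origin, probe(c.method, c.site, c.origin))
	}
}
```

The last two rows are the conditions the article's "cautious yes" hinges on: a state-changing GET is not protected by this check at all, and a client that sends neither header is waved through, so the middleware protects browsers, not arbitrary HTTP clients, and your handlers must keep the safe methods side-effect free.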
You might also wanna read
Understanding WebAuthn credential protection policy and discoverable credentials
This article explains the WebAuthn credential protection policy, specifically how developers can use the `residentKey` option to control whe
Let's Encrypt's Challenge: Creating Intentionally Broken Certificates for Testing
Let's Encrypt, as a Certificate Authority, faces unique challenges in testing certificate validation systems. While most tools focus on main
Website Uses Anubis Proof-of-Work System to Protect Against AI Scraping
The article explains that the website uses Anubis, a Proof-of-Work system similar to Hashcash, to protect against AI companies aggressively
Firefox 148 Introduces Standardized Sanitizer API for Enhanced XSS Protection
Firefox 148 introduces the standardized Sanitizer API as a security enhancement to protect against cross-site scripting (XSS) attacks. The n
Website Blocks Old Browsers to Combat LLM Training Crawlers
A website owner explains that visitors are seeing an error message because their browsers are being blocked by anti-crawler measures. The si

Website Implements Anubis Proof-of-Work System to Block AI Scraping
The article explains that the website is using Anubis, a Proof-of-Work system similar to Hashcash, to protect against AI companies aggressiv
