Put CSRF in a meta tag, use fetch with credentials: same-origin, return { ok, data } from controllers.
Comments
Loading…