News

csrf-magic 1.0.2 is a security-fix release, fixing a bug in which IP-based tokens were used even when no secret was specified; this meant that CSRF attacks could be mounted against users with no cookies on the website. Thanks Jakub Vrána for reporting.

csrf-magic 1.0.1 is a maintenance release, with a few new features that overall improve the usability and security of the library, as well as a bugfix for JQuery users.

We also have an RSS feed now, for users who would like to keep updated with csrf-magic!