v3.0.0

Bump version 2.0.0 → 3.0.0

Breaking changes

• Drop Python 3.7 support

v2.0.0

Bump version 1.4.5 → 2.0.0

Breaking changes

• Initializer arguments other than app and secret are now keyword-only.
  • This shouldn't affect you if you add the middleware normally using Starlette's Middleware or FastAPI's .add_middleware.

New features

• Add a required_urls argument to set route patterns where CSRF should always be enforced, no matter the method or cookies present.
  • Useful to prevent attacks like Login CSRF.
  • Thanks @bkis for the idea and feedback

v1.4.5

Bump version 1.4.4 → 1.4.5

Improvements

• Bump starlette >=0.14.2
• Use Hatch for package management

v1.4.4

Improvements

• Rewrite as a pure ASGI middleware, without BaseHTTPMiddleware as it's now deprecated.
• Bump dependencies:
  • starlette >=0.14.2,<0.21.0

v1.4.3

Bug fixes and improvements

• Bump dependencies:
  • starlette >=0.14.2,<0.20.0
  • itsdangerous >=2.0.1,<3.0.0

v1.4.2

Fixes and improvements

• Put submitted CSRF token retrieval logic in a separate method _get_submitted_csrf_token for easier overloading.

v1.4.1

Bug fixes and improvements

• Bump dependencies:
  • starlette >=0.14.2,<0.19.0

v1.4.0

New features

• The error response logic is now in its own separate method to ease overloading in case you need a custom error response. [Documentation]

Improvements

• Bump packages:
  • starlette >=0.14.2,<0.18.0

v1.3.0

New features

• Allow to exempt some routes from CSRF protection following Regex patterns. Thanks @lsapan 🎉

Improvements

• Bump packages:
  • starlette >=0.14.2,<0.17.0
  • itsdangerous ==2.0.1