id	summary	reporter	owner	description	type	status	component	version	severity	resolution	keywords	cc	stage	has_patch	needs_docs	needs_tests	needs_better_patch	easy	ui_ux
34182	Is there a reason only the headers are checked when using the csrf token?	Joon Hwan 김준환	nobody	"It seems unnatural to put the token back in the body while using the httponly option.
If verified with a cookie (not the x-csrftoken header), security is enhanced and it looks much cleaner."	New feature	closed	CSRF	dev	Normal	invalid	csrf, cookie	Florian Apolloner	Unreviewed	0	0	0	0	0	0
