Not to be That Guy 2.0; but doesn't all of this ad hoc hackery (CSRF tokens included, IMHO) around request authorisation and, if you'll permit me to extend the discussion a bit, also around request rate limiting, indicate that there might be something terribly broken at the heart of web requests?
In a same way that I feel the proliferation of front end frameworks indicates something is terribly broken at a cellular level about UI in HTML.
Might it not be time for a radical rethink? Can we not hope for a piercing, elegant solution?
In a same way that I feel the proliferation of front end frameworks indicates something is terribly broken at a cellular level about UI in HTML.
Might it not be time for a radical rethink? Can we not hope for a piercing, elegant solution?