- Only set csrftoken cookie if it is needed by the current page. (#7)
- Add `Vary: Cookie` header when setting a cookie. (#8)
0.3.1
- Specify `Path=/` when setting cookie. (#6)
0.3
* Cookie values are now signed to prevent subdomain attacks (described [here](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#double-submit-cookie)). (#2)
* First non-alpha release
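The signed double-submit check behind the 0.3 entry, as an added Python example that is not this project's code. The function names, `SECRET_KEY`, the `<mac>.<nonce>` token layout and the binding to a session id (taken from the linked OWASP cheat sheet) are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed key for the example; a real deployment loads it from secret storage.
SECRET_KEY = b"example-only-server-secret"


def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the session id so distinct (session_id, nonce) pairs cannot collide.
    msg = f"{len(session_id)}!{session_id}!{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Return the cookie value '<mac>.<nonce>' bound to this session (assumed layout)."""
    nonce = secrets.token_hex(16)
    return f"{_mac(session_id, nonce)}.{nonce}"


def set_cookie_headers(token: str) -> list:
    """Headers for a page that needs the token: Path=/ and Vary: Cookie, as in the changelog."""
    return [
        ("Set-Cookie", f"csrftoken={token}; Path=/"),
        ("Vary", "Cookie"),
    ]


def verify(session_id: str, cookie_value: str, submitted_value: str) -> bool:
    """Accept only if cookie and form field match and the MAC verifies for this session."""
    if not cookie_value or not submitted_value:
        return False
    # Plain double-submit comparison, done in constant time.
    if not hmac.compare_digest(cookie_value.encode(), submitted_value.encode()):
        return False
    mac, sep, nonce = cookie_value.partition(".")
    if not sep or not nonce:
        return False
    # A cookie written by a sibling subdomain matches itself but carries no valid MAC.
    return hmac.compare_digest(mac.encode(), _mac(session_id, nonce).encode())
```

Without the MAC step, any value planted in the cookie and echoed in the form field would pass the equality check; the session binding additionally rejects a validly signed token issued to a different session.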
0.2.2a
Fixed cookie encoding bug
0.2.1a
Fixed bug where POST data for forms was not being completely forwarded on to the underlying app.