👨‍💼 Awesome work! You can test this out by clearing your cookies before you submit the form. You should get a 403 error in that case. If you really want, you can try to run a CSRF attack on the playground and see if you can get it to work. Good luck!

In any case, I feel so much more secure now. Thank you!

🧝‍♂️ I'm going to make a validateCSRF utility out of that work you just did because we're going to want to do this all over the place for all our forms. Feel free to do this yourself if you want the practice. I'm also going to apply this to all the forms in the app too. As usual, you can do that yourself if you'd like the extra practice. But I don't mind doing it for you. Either way, you can check the diff. Cheers!