CSRF protection without tokens or hidden form fields | Dark Hacker News