CSRF protection without tokens or hidden form fields · HackerLangs