Douglas Wilson

> are professional translation services no longer being donated to the project? I believe the answer is "no" on this point. If @crandmck has a chance to chime in he...

At a base level all features should works on Linux and Windows equally (which is why we run the CI in both environments with every commit and PR). So if...

Awesome, thanks! Would you be willing to update the other references to this same link in the website?

Right, but they _can_, which may lead to someone sending a body with a GET request and (if the user incorrectly placed method-override after this module) could be interpreted as...

Unfortunately when it comes to security, people can shoot themselves in the foot, but we should at least make them try harder to do this. Currently all it takes is...

In fact, the only times I see people asking security-related questions in projects is because they are wondering how to do something that is not secure at all and wondering...

> what we can do is just 403 if the original method is idempotent I think I like this better than just checking the CSRF token and carrying on, though...

Once issue I can see, though, is that `DELETE` and `PUT` is defined to be idempotent, but I'm sure people would like to CSRF token check on those methods; I'm...

I feel like I have circled back around to liking my original proposal better again...

lol, I just thought of a crazy new idea: check the CSRF token how it is, but then set `req.method` to no longer be a writable property :P