惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Engineering at Meta
Engineering at Meta
人人都是产品经理
人人都是产品经理
大猫的无限游戏
大猫的无限游戏
博客园 - 三生石上(FineUI控件)
量子位
腾讯CDC
The Cloudflare Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
云风的 BLOG
云风的 BLOG
Vercel News
Vercel News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
L
LangChain Blog
aimingoo的专栏
aimingoo的专栏
The Hacker News
The Hacker News
T
The Exploit Database - CXSecurity.com
B
Blog
S
SegmentFault 最新的问题
P
Privacy & Cybersecurity Law Blog
T
Threatpost
博客园 - 聂微东
T
Tailwind CSS Blog
The Last Watchdog
The Last Watchdog
C
Check Point Blog
N
Netflix TechBlog - Medium
D
DataBreaches.Net
爱范儿
爱范儿
IT之家
IT之家
S
Secure Thoughts
M
MIT News - Artificial intelligence
NISL@THU
NISL@THU
C
Cisco Blogs
TaoSecurity Blog
TaoSecurity Blog
有赞技术团队
有赞技术团队
A
Arctic Wolf
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
Schneier on Security
Schneier on Security
Simon Willison's Weblog
Simon Willison's Weblog
G
GRAHAM CLULEY
雷峰网
雷峰网
Project Zero
Project Zero
博客园 - Franky
H
Heimdal Security Blog
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Hugging Face - Blog
Hugging Face - Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Netlify Changelog

Gemini 3.5 Flash now available in Agent Runners 4 Nuxt CVEs: what Netlify users need to know Gemini 3.5 Flash now available in AI Gateway Agent Runners workflow improvements Next.js & React security release (May 2026): what to know Block project transfers out of your team Gemini 3.1 Flash-Lite now available in AI Gateway OpenAI GPT-5.5 Instant now available in AI Gateway New `netlify logs` CLI command Deploy to Netlify with Stripe Projects Netlify Database is now generally available OpenAI GPT-5.5 and GPT-5.5 Pro in AI Gateway & Agent Runners Rename an agent run GPT Image 2 now available in AI Gateway New frontend-design skill for Agent Runners Claude Opus 4.7 now available in AI Gateway and Agent Runners Pricing updates for Credit-based plans New sorting and filter controls on the Members page Netlify Database GA coming soon, no new databases for now Deploy logs streaming is now faster Netlify CLI adds prompt-based creation and anonymous deploys Deploy from Codex with the Netlify Plugin Hydrogen with React Router 7 now supported on Netlify Monitor credit usage by day Invoices for Enterprise Available on the Billing Page AI app development on production infrastructure with Netlify Introducing Prompt Templates OpenAI GPT-5.4 Nano and GPT-5.4 Mini in AI Gateway Change your pricing plan Internal Builder Role & Project Access Controls See your available credits at a glance Astro 6 just works on Netlify Limit AI feature usage OpenAI GPT-5.4 and GPT-5.4 Pro in AI Gateway & Agent Runners Deploy Preview screenshots in agent runs Gemini 3.1 Flash-Lite Preview now available in AI Gateway GPT-5.3 Instant now available in AI Gateway Use Netlify Agent Runners from Linear Automatic PHP bot scan blocking now live on all plans Support for stale-while-revalidate in Cache API Gemini 3.1 Flash Image Preview now available in AI Gateway GPT-5.3-Codex now available in AI Gateway Gemini 3.1 Pro Preview now available in AI Gateway Claude Sonnet 4.6 now available in AI Gateway and Agent Runners Sync changes with Agent Runners without Git Claude Opus 4.6 now available in AI Gateway and Agent Runners Agent Runners improvements recap 6 new React Router & Remix CVEs: what you need to know Vulnerability in Node.js: what Netlify users need to know 5 SvelteKit security vulnerabilities: what Netlify users need to know GPT-5.2-Codex Now Available in AI Gateway and Agent Runners Play Games While Agent Runners Do the Work Prerender.io support updated as new extension Gemini 3 Flash Preview now available in AI Gateway GPT-image-1.5 now available in AI Gateway AI Gateway now Generally Available Observability release is here Prerender extension now generally available Action required: React/Next.js CVE-2025-55184 and CVE-2025-55183 GPT-5.2 and GPT-5.2-Pro now available in AI Gateway and Agent Runners GPT-5.1-Codex-Max now available in AI Gateway and Agent Runners Netlify’s response to the critical React security vulnerability Netlify Vite Plugin now supports AI Gateway locally Claude Opus 4.5 now available in AI Gateway Projects deployed using a zip file via API now support branch deploys Day one support for Angular v21 on Netlify Gemini 3 now available in AI Gateway and Agent Runners DNS record management simplified for teams in Netlify organizations Skew protection for CLI workflows Support for more domain TLDs GPT-5.1 model now available in AI Gateway React Router 7 apps can now be deployed to Edge Functions | Netlify Changelog Git SHA exposed for triggered deploys | Netlify Changelog Test scheduled functions in Netlify dashboard | Netlify Changelog Revert agent run in a task | Netlify Changelog Deletion improvements with Netlify Blobs | Netlify Changelog Preview Server restart for cross-functional collaborators | Netlify Changelog AI inference usage graphs | Netlify Changelog Buy credit packs on demand | Netlify Changelog React Router 7 middleware now supported | Netlify Changelog Skew protection now available | Netlify Changelog Next.js 16 is ready to deploy on Netlify | Netlify Changelog Enforce Git-based workflows for production deploys | Netlify Changelog Claude Haiku 4.5 is now available in the AI Gateway | Netlify Changelog GPT 5 Pro now available in the AI Gateway | Netlify Changelog Updates to credit-based Personal and Pro plans | Netlify Changelog New AI workflows: Agent Runners and AI Gateway (beta) | Netlify Changelog Netlify pricing update: Introducing credit-based plans | Netlify Changelog Security Update: Multiple vulnerabilities in Next.js | Netlify Changelog ChatGPT deep link for failed deploy analysis | Netlify Changelog Equinix IP address expiring for 4-year old sites | Netlify Changelog Nuxt 4 support + new @netlify/nuxt module for local dev | Netlify Changelog Smart Secret Scanning for AI-Generated Code | Netlify Netlify DB: Serverless PostgreSQL Database | Netlify One-click install Netlify MCP on Cursor | Netlify Changelog Netlify MCP Server: AI Agents Can Now Deploy Code Directly | Netlify Netlify Becomes Official Vite Deployment Partner + New Plugin | Netlify Angular 20 support | Netlify Changelog Netlify CLI 21.4.1 UI and workflow enhancements | Netlify Changelog Security Update: Next.js sites on Netlify not vulnerable to CVE-2025-32421 | Netlify Changelog
CSRF protection in @netlify/identity 1.1.0
2026-05-02 · via Netlify Changelog

@netlify/identity 1.1.0 introduces a new verifyRequestOrigin helper to make it easier for developers and AI agents to add CSRF (Cross-Site Request Forgery) protection when running authentication on the server.

You can call login(), signup(), or logout() from a Netlify Function or Edge Function to handle authentication entirely on the server. The library reads and writes the nf_jwt and nf_refresh cookies through the Netlify runtime, so the user’s browser receives the session via the response.

import { login, verifyRequestOrigin } from '@netlify/identity'

import type { Context } from '@netlify/functions'

export default async (req: Request, context: Context) => {

verifyRequestOrigin(req)

const { email, password } = await req.json()

await login(email, password)

return new Response(null, { status: 302, headers: { Location: '/dashboard' } })

}

When login(), signup(), or logout() runs inside an HTTP endpoint that you expose, that endpoint needs Cross-Site Request Forgery (CSRF) protection. Without it, an attacker can trick a victim’s browser into logging into the attacker’s account, then collect anything the victim does inside that session.

Call verifyRequestOrigin(request) at the start of the handler. It compares the request’s Origin header against the request’s own origin and throws a 403 on mismatch. If your framework already checks Origin on state-changing requests by default, the call is redundant but harmless.

Refer to the @netlify/identity CSRF protection documentation for the full threat model and the allowedOrigins option.