/Knowledge/sources/honojs__hono/llms-full/csrf-protection--75479cb3f11a.md
CSRF Protection - hono-docs
CSRF Protection Source evidence: /Sources/honojs hono/provenance.md Canonical citation: https://hono.dev/llms full.txt csrf protection Summary This middlewar...
CSRF Protection
Source evidence: /Sources/honojs__hono/provenance.md Canonical citation: https://hono.dev/llms-full.txt#csrf-protection
Summary
This middleware protects against CSRF attacks by checking both the Origin header and the Sec-Fetch-Site header. The request is allowed if either validation passes. The middleware only validates requests that: - Use unsafe HTTP method...
Content
This middleware protects against CSRF attacks by checking both the Origin header and the Sec-Fetch-Site header. The request is allowed if either validation passes.
The middleware only validates requests that:
- Use unsafe HTTP methods (not GET, HEAD, or OPTIONS)
- Have content types that can be sent by HTML forms (
application/x-www-form-urlencoded,multipart/form-data, ortext/plain)
Old browsers that do not send Origin headers, or environments that use reverse proxies to remove these headers, may not work well. In such environments, use other CSRF token methods.
Metadata
{
"chunk_index": 0,
"citation": "https://hono.dev/llms-full.txt#csrf-protection",
"coverage_role": "overview",
"qualified_title": "Hono / llms-full / CSRF Protection",
"retrieved_at": "2026-07-02T05:51:01Z",
"section_index": 140,
"source_id": "/honojs/hono",
"source_type": "llms_full",
"target_label": "llms-full",
"title": "CSRF Protection",
"upstream_url": "https://hono.dev/llms-full.txt",
"version": "2026"
}