CSRF vulnerability, again #55
I'm afraid that the issue hasn't been fixed properly. I realized it today after deploying your new release.
You can try: log in to (or simply visit, in a bare-bones new Grails application) the main app website, but DON'T visit the console. Trigger the PoC I sent you last time, and you'll see that it'll still work. After accessing the console, the protection will be effective and the PoC will stop working.
I suspect that the reason might be the
If the console hasn't been visited yet, there will be no
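The failure mode described above, as an added illustration that is not the plugin's own code: it assumes the plugin keeps its CSRF token in the HTTP session (simulated here as a Map, under a hypothetical key) and that the token is only created when the console page is rendered, so a check that skips validation when no token exists accepts every request made before the first console visit. The hardened check fails closed and issues the token independently of the console page.

```groovy
import groovy.transform.Field
import java.security.MessageDigest
import java.security.SecureRandom

// Hypothetical session key; the real plugin's key name is not on the page.
@Field final String TOKEN_KEY = 'consoleCsrfToken'

// Flawed check: when the session holds no token yet (console never visited),
// there is nothing to compare against and the request is accepted.
boolean flawedCheck(Map session, String submitted) {
    String expected = session[TOKEN_KEY]
    if (expected == null) {
        return true          // fails open
    }
    return expected == submitted
}

// Hardened check: a missing session token or a missing submitted token is a
// failed check, and the comparison is constant-time.
boolean hardenedCheck(Map session, String submitted) {
    String expected = session[TOKEN_KEY]
    if (expected == null || submitted == null) {
        return false         // fails closed
    }
    return MessageDigest.isEqual(expected.bytes, submitted.bytes)
}

// Issue the token on first use of the session, not only when the console
// page is rendered, so every state-changing request has a token to check.
String issueToken(Map session) {
    if (session[TOKEN_KEY] == null) {
        byte[] buf = new byte[32]
        new SecureRandom().nextBytes(buf)
        session[TOKEN_KEY] = buf.encodeBase64().toString()
    }
    return session[TOKEN_KEY]
}

// Constructed scenario: a fresh session in which the console was never opened.
Map freshSession = [:]
assert flawedCheck(freshSession, null)            // accepted without any token
assert !hardenedCheck(freshSession, null)         // rejected

String token = issueToken(freshSession)
assert hardenedCheck(freshSession, token)
assert !hardenedCheck(freshSession, 'wrong-token')
```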