Go 1.25 middleware for CSRF protection
Consider switching to the new Go 1.25 middleware for CSRF protection.
https://words.filippo.io/csrf/
https://pkg.go.dev/net/http@go1.25rc2#CrossOriginProtection