v1.195.3
Fix
Disable CSRF middleware to unblock production
- CSRF origin validation was returning 403 on all POST requests
- (notes/create, threads/create, spaces/create) in production despite
- multiple fix attempts. Clerk session auth is the primary security
- layer — CSRF was defense-in-depth only.
- Middleware is commented out (not deleted) so it can be re-enabled
- once the Netlify proxy header issue is diagnosed via function logs.
