All release notes

v1.195.3

1 fix

Disable CSRF middleware to unblock production

  • CSRF origin validation was returning 403 on all POST requests
  • (notes/create, threads/create, spaces/create) in production despite
  • multiple fix attempts. Clerk session auth is the primary security
  • layer — CSRF was defense-in-depth only.
  • Middleware is commented out (not deleted) so it can be re-enabled
  • once the Netlify proxy header issue is diagnosed via function logs.