0.5.1

• Fixed bug where original ASGI headers were not being passed through for some cases. #10

0.5

• Send Vary: Cookie on all pages that display the csrftoken in e.g. a hidden form field. #9

0.4

• Only set csrftoken cookie if it is needed by the current page. #7
• Add Vary: Cookie header when setting a cookie. #8

0.3.1

• Specify Path=/ when setting cookie. #6

0.3

• Cookie values are now signed to prevent subdomain attacks (described here). #2
• First non-alpha release

0.2.2a

Fixed cookie encoding bug

0.2.1a

Fixed bug where POST data for forms was not being completely forwarded on to the underlying app.

0.2a

Broken release, don't use this.

0.1a

First mostly-working version.