feat: enable csrf token header

Emyrk · Emyrk · commit 420684f60034 · 2023-12-19T11:24:24.000-06:00
diff --git a/coderd/httpmw/csrf.go b/coderd/httpmw/csrf.go
@@ -32,12 +32,6 @@ func CSRF(secureCookie bool) func(next http.Handler) http.Handler {
 		mw.ExemptRegexp(regexp.MustCompile("derp/*"))
 
 		mw.ExemptFunc(func(r *http.Request) bool {
-			// Enable CSRF in November 2022 by deleting this "return true" line.
-			// CSRF is not enforced to ensure backwards compatibility with older
-			// cli versions.
-			//nolint:revive
-			return true
-
 			// CSRF only affects requests that automatically attach credentials via a cookie.
 			// If no cookie is present, then there is no risk of CSRF.
 			//nolint:govet
