0.11

• Switched from setup.py to pyproject.toml #34
• Fixed several deprecation warnings. #36, #37

0.10

• Fix for intermittent mysterious error with some form submissions. #21
• New options for customizing the cookie that is set: cookie_path, cookie_domain, cookie_secure, cookie_samesite. Thanks, Kevin Abraham. #25
• Ability to customize the error page using the new send_csrf_failed argument. #28

0.9

• New skip_if_scope= callback function mechanism to allow custom logic for skipping CSRF protection, based on the ASGI scope. See skip_if_scope documentation. #20

0.8

• always_set_cookie=True option for if you want to set a missing CSRF token even on pages that do not display a hidden form field. #16

0.7.2

• Fixed broken tests when running against latest httpx. #18

0.7.1

• Fix for ASGI exception on non-http scopes. #15

0.7

• Support for file upload support via multipart/form-data. #1
• Test coverage is now 100%. #13

0.7a0

• Alpha: support for multipart/form-data. #1

0.6.1

• Now packaged as a sdist as well as a bdist_wheel

0.6

• Requests with an Authorization: Bearer xxx header are no longer subject to CSRF checks. #11
• Requests without cookies are no longer subject to CSRF checks unless the page path is explicitly listed in always_protect. #11