Comment 20 for bug 560246

So, it would indeed be nice to revisit this, as the header isn't the full story. However we are fairly happy with our CSRF protection today, and while we're happy to improve it it is not on our current roadmap.

If someone wants to put forward a patch to change things, we'd be delighted to mentor them in getting started on LP development.