A modern approach to preventing CSRF in Go