CSRF tokens leaked in URL by canned query form
Impact The HTML form for a read-only canned query includes the hidden CSRF token field added in 798 for writable canned queries 698. This means that submitting those read-only forms exposes the CSRF token in the URL - for example on https://latest.datasette.io/fixtures/neighborhoodsearch submitti...