[FastAPI] Consider / Implement CSRF Correctly

In our PHP codebase, there are various forms which employ a token input; a token input that is then checked to match the submitter's AURSID. In essence, it is a CSRF implementation that does not cohere with CSRF at all, other than passing a token and checking the token is correct. In fact, I'd say exposing AURSID in the DOM promotes insecurity.

So, I'm opening this issue to start discussion on this topic.

I'd like to ask where folks would consider CSRF is needed to promote security, and why that is the case.
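To make the contrast concrete, here is an added example (not the PHP code from this codebase, and not part of the original issue): the weak pattern the issue describes, where the hidden form field is the session identifier itself, next to a synchroniser-style token that is bound to the session but derived from it with a keyed HMAC, so the session cookie never has to appear in the DOM. `SERVER_SECRET`, `AURSID` as the cookie name, and the handler function are assumptions for illustration; a real deployment would load the secret from configuration.

```python
import hashlib
import hmac
import secrets

# Assumption: a long-lived server-side key loaded from config in production.
# Constructed here at import time so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)


def weak_token_for_form(session_id: str) -> str:
    """The pattern described in the issue: the hidden form token IS the
    session id, so every rendered form leaks the session id into the HTML."""
    return session_id


def weak_verify(session_id: str, submitted: str) -> bool:
    """Checks the token against the session id with a plain comparison."""
    return submitted == session_id


def csrf_token_for_session(session_id: str) -> str:
    """Derive a per-session CSRF token as HMAC-SHA256(secret, session_id).

    The token is bound to the session (a token from another session will not
    verify), but knowing the token does not reveal the session id, so the
    AURSID cookie can stay HttpOnly and out of the page source."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str) -> bool:
    """Recompute the expected token and compare in constant time."""
    if not isinstance(submitted, str) or not submitted:
        return False
    expected = csrf_token_for_session(session_id)
    return hmac.compare_digest(expected, submitted)


def handle_form_post(cookies: dict, form: dict) -> int:
    """Hypothetical request handler: returns an HTTP status code.

    Simulates what a FastAPI route would do: read the session cookie, read
    the hidden form field, reject the request unless the token verifies."""
    session_id = cookies.get("AURSID")
    if session_id is None:
        return 401  # no session at all
    if not verify_csrf_token(session_id, form.get("token", "")):
        return 403  # missing, forged, or cross-session token
    return 200


if __name__ == "__main__":
    # Constructed session id standing in for the value of the AURSID cookie.
    sid = secrets.token_hex(16)
    print("weak form field:", weak_token_for_form(sid))      # leaks sid
    print("hmac form field:", csrf_token_for_session(sid))   # does not
    print(handle_form_post({"AURSID": sid}, {"token": csrf_token_for_session(sid)}))
```

With the HMAC-derived token the server stores nothing extra per session, the form still carries a value an attacker cannot compute without the server key, and the only thing in the DOM is a MAC rather than the credential itself.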

Edited by Kevin Morris