gateway: protect against CSRF

### Description and goal

The [`Sec-Fetch-Site`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Sec-Fetch-Site) HTTP header field is set by modern Web browsers and allows servers to easily protect against CSRF.

editoast doesn't have a lot of state-changing [simple requests](https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CORS#simple_requests), so the risk isn't very high. At worst, CSRF could be used to change a rolling stock's image, or to send a STDCM railway manager request. Still, we may introduce more simple requests in the future, and better be safe than sorry.

See https://words.filippo.io/csrf/

### Acceptance criteria

.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

gateway: protect against CSRF #14546

Description and goal

Acceptance criteria

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

gateway: protect against CSRF #14546

Description

Description and goal

Acceptance criteria

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions