118155d737
The CSRF middleware was rejecting requests from LAN IPs because cfg.Host defaults to 'localhost' which doesn't match the LAN IP. Now supports DUMPSTER_CSRF_ORIGINS env var (comma-separated list of full origins) for additional trusted origins beyond cfg.Host. Removed debug logging from CSRF middleware.