it would probably be nice with some csrf protection since we allow javascript uploads.
it would probably be nice with some csrf protection since we allow javascript uploads.