Open XanderVertegaal opened 3 weeks ago
Currently, `/api/graphql` is exempt from CSRF.
We could solve this by sending CSRF-tokens along with every request, or by implementing a good user/permission system, which ensures that non-authenticated users are not able to query/mutate anything.
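
The first option above (a CSRF token sent with every request), sketched as an added example; it is not code from this issue or from the project. It assumes the server sets a cookie named `csrftoken` and checks an `X-CSRFToken` header; both names, and the helper function names, are assumptions.

```javascript
// Added example: attach a CSRF token to every GraphQL request (double-submit style).
// Assumptions (not from the issue): the server sets a cookie named "csrftoken"
// and validates an "X-CSRFToken" request header; both names are placeholders.
const CSRF_COOKIE = "csrftoken";
const CSRF_HEADER = "X-CSRFToken";
const GRAPHQL_ENDPOINT = "/api/graphql";

// Extract one cookie value from a document.cookie-style string.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip malformed fragments
    if (part.slice(0, eq).trim() === name) {
      return decodeURIComponent(part.slice(eq + 1).trim());
    }
  }
  return null;
}

// Build the fetch() options for a GraphQL operation. Fails closed: without a
// token nothing is sent, instead of falling back to an unprotected request.
function buildGraphQLRequest(cookieString, query, variables = {}) {
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (!token) {
    throw new Error("CSRF token cookie missing; refusing to send request");
  }
  return {
    method: "POST",
    credentials: "same-origin", // cookies are only sent on same-origin requests
    headers: {
      "Content-Type": "application/json",
      [CSRF_HEADER]: token,
    },
    body: JSON.stringify({ query, variables }),
  };
}

// Single entry point so no query or mutation can skip the token (browser only).
async function graphqlFetch(query, variables) {
  const init = buildGraphQLRequest(document.cookie, query, variables);
  const response = await fetch(GRAPHQL_ENDPOINT, init);
  return response.json();
}
```

The token only protects the endpoint once the server stops exempting `/api/graphql` and rejects requests whose header is missing or does not match.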