As the API is currently authenticated with cookies, it's possible to commit CSRF (Cross Site Request Forgery) requests tricking players into performing actions they don't want to.
Switch to authenticating requests using an Authorization header and a Bearer token.
As the API is currently authenticated with cookies, it's possible to commit CSRF (Cross Site Request Forgery) requests tricking players into performing actions they don't want to.
Switch to authenticating requests using an
Authorization
header and a Bearer token.