Do not bother with the CSRF token in Authenticator.java as we are not actually using it.

albrechtjan / workload-android

The Android App for the TU Dresden Physik Workload Website

https://survey.zqa.tu-dresden.de

GNU Affero General Public License v3.0

0 stars 0 forks source link

Do not bother with the CSRF token in Authenticator.java as we are not actually using it. #20

Open KonstantinSchubert opened 8 years ago

KonstantinSchubert commented 8 years ago

After all, CSRF protection is turned of when the the user agent string "Workload_App_Android_CSRF_EXCEMPT" signals that it is the app, not a browser, which is accessing the web API.