Closed KonstantinSchubert closed 8 years ago
Because the CSRF token is not passed with the REST API's POST/GET/UPDATE/.. request in the request URL, all these URLs are vulnerable to CSRF attacks.
I will fix this simply by requiring the "User-Agent" to be set to "Workload_App_Android_CSRF_EXCEMPT"
Fixed in commit https://github.com/KonstantinSchubert/workload/commit/932689ae545f1115555f10d859e7d07b34780ca1
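A sketch of the check described in this issue, as an added example that is not the code from the linked commit: a WSGI middleware that exempts requests whose User-Agent is exactly the marker string (an HTML form submission cannot set request headers) and requires a CSRF token from everything else. The middleware wrapping only the REST API, the `csrftoken` cookie, the `X-CSRFToken` header and the helper names are assumptions.

```python
# Added example, not the project's code. Assumes the gate wraps only the REST API.
import hmac
from http.cookies import SimpleCookie

EXEMPT_USER_AGENT = "Workload_App_Android_CSRF_EXCEMPT"  # value quoted in the issue


def csrf_allowed(environ):
    """Return True if the request passes the CSRF gate."""
    # Exact match only: a substring test would also accept any client
    # whose User-Agent merely contains the marker.
    if environ.get("HTTP_USER_AGENT", "") == EXEMPT_USER_AGENT:
        return True
    # All other clients must echo the token from their cookie in a header
    # (double-submit pattern; cookie and header names are assumptions).
    cookie = SimpleCookie(environ.get("HTTP_COOKIE", ""))
    expected = cookie["csrftoken"].value if "csrftoken" in cookie else ""
    supplied = environ.get("HTTP_X_CSRFTOKEN", "")
    return bool(expected) and hmac.compare_digest(
        expected.encode(), supplied.encode()
    )


class CsrfGate:
    """WSGI middleware that answers 403 when csrf_allowed() is False."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        if csrf_allowed(environ):
            return self.app(environ, start_response)
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"CSRF check failed"]


def _demo_app(environ, start_response):
    # Stand-in for the real API application (constructed for the example).
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def status_for(environ):
    """Send one constructed request through the gate; return the status line."""
    seen = []
    body = CsrfGate(_demo_app)(environ, lambda status, headers: seen.append(status))
    list(body)  # consume the response body
    return seen[0]
```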