bodgery / bodgery-member-api

Implement CSRF #13

Closed frezik closed 5 years ago

frezik commented 5 years ago

Create a CSRF secret, which is stored for each user in their server-side session. Any API calls that change state (PUT or POST, mostly) should verify the CSRF before doing anything.
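
The check described in the comment above, sketched as an added example (not part of the issue or of the project's own code). The in-memory session store, the `X-CSRF-Token` header name and every function name are assumptions, and the method list extends the issue's "PUT or POST" to PATCH and DELETE.

```javascript
// Added example: per-session CSRF secret, verified on state-changing requests.
const nodeCrypto = require('node:crypto');

// Hypothetical server-side session store: session id -> session data.
const sessions = new Map();
// The issue names PUT and POST; PATCH and DELETE are added here as an assumption.
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// On login, create the session and bind a fresh random CSRF secret to it.
// The secret stays in the session; the client gets a copy to echo back.
function createSession(username) {
  const sessionId = nodeCrypto.randomBytes(32).toString('hex');
  const csrfSecret = nodeCrypto.randomBytes(32).toString('hex');
  sessions.set(sessionId, { username, csrfSecret });
  return { sessionId, csrfSecret };
}

// Constant-time comparison; a missing or wrong-length token fails.
function tokensMatch(expected, supplied) {
  if (typeof supplied !== 'string') return false;
  const a = Buffer.from(expected, 'utf8');
  const b = Buffer.from(supplied, 'utf8');
  return a.length === b.length && nodeCrypto.timingSafeEqual(a, b);
}

// Run before any handler logic. Returns an HTTP status:
// 401 = no session, 403 = CSRF check failed, 200 = request may proceed.
function checkRequest(req) {
  const session = sessions.get(req.sessionId);
  if (!session) return 401;
  if (!STATE_CHANGING.has(String(req.method).toUpperCase())) return 200;
  const supplied = (req.headers || {})['x-csrf-token'];
  return tokensMatch(session.csrfSecret, supplied) ? 200 : 403;
}
```

Because the secret is compared against the value held in the caller's own session, a token issued to one user is rejected when replayed under another user's session.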