bodgery / bodgery-member-api


Implement CSRF protection #6

Closed frezik closed 5 years ago

frezik commented 5 years ago

Any calls from the frontend that change state (basically, anything that makes a PUT or POST call) need to be protected by CSRF. Calls made via an OAuth token should not check for a CSRF.
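
One way to express the rule in this issue as a request check. This is an added example, not code from the issue or from bodgery-member-api; the `x-csrf-token` header name, the `req.session.csrfToken` field, the function names, and the inclusion of PATCH and DELETE alongside PUT and POST are assumptions.

```javascript
// Added example; every name here is hypothetical, not the project's API.
const crypto = require('node:crypto');

// The issue names PUT and POST; PATCH and DELETE are added as an assumption.
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);
const CSRF_HEADER = 'x-csrf-token'; // assumed header name

// Create the per-session token the frontend must echo back on each write.
function issueCsrfToken() {
  return crypto.randomBytes(32).toString('hex');
}

// Constant-time comparison; hashing first yields equal-length buffers.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string') return false;
  const ha = crypto.createHash('sha256').update(a).digest();
  const hb = crypto.createHash('sha256').update(b).digest();
  return crypto.timingSafeEqual(ha, hb);
}

// req: { method, headers (lower-cased keys), session: { csrfToken } }
function checkCsrf(req) {
  const method = String(req.method || '').toUpperCase();
  if (!STATE_CHANGING.has(method)) {
    return { allowed: true, reason: 'not state-changing' };
  }
  const auth = req.headers['authorization'] || '';
  if (/^Bearer\s+\S+/i.test(auth)) {
    // Browsers do not attach this header on their own, so a forged
    // cross-site request cannot carry it. The token's validity is
    // checked by the auth layer, not here.
    return { allowed: true, reason: 'oauth token, csrf not checked' };
  }
  const expected = req.session && req.session.csrfToken;
  if (!expected) return { allowed: false, reason: 'no csrf token in session' };
  if (!tokensMatch(req.headers[CSRF_HEADER], expected)) {
    return { allowed: false, reason: 'csrf token missing or wrong' };
  }
  return { allowed: true, reason: 'csrf token valid' };
}
```

The OAuth exemption only holds if a request carrying a `Bearer` header is authenticated by that token alone and never falls back to the session cookie.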