Closed abovedave closed 6 years ago
Should this be on by default in the config? Perhaps opens up a wider conversation of how much hand-holding with security we do.
"security": { "csrf": true }
https://github.com/dadi/web/blob/09042534e09ce91f468da10c9f0acda1dcd5661f/config.js#L444-L449
Should this be on by default in the config? Perhaps opens up a wider conversation of how much hand-holding with security we do.
https://github.com/dadi/web/blob/09042534e09ce91f468da10c9f0acda1dcd5661f/config.js#L444-L449