dadi / web

Web is a drop-in front end for websites and web apps. Consumes data from DADI API and others.
https://dadi.cloud/en/web/

Security: Enable CSRF by default? #369

Status: Closed (abovedave closed 6 years ago)

abovedave commented 6 years ago

Should this be on by default in the config? Perhaps opens up a wider conversation of how much hand-holding with security we do.

    "security": {
      "csrf": true
    }

https://github.com/dadi/web/blob/09042534e09ce91f468da10c9f0acda1dcd5661f/config.js#L444-L449