fnakstad / angular-client-side-auth

One way to implement authentication/authorization in Angular applications
http://angular-client-side-auth.herokuapp.com/
MIT License

question: any consideration for xsrf? #52

Closed tony-kerz closed 10 years ago

tony-kerz commented 10 years ago

hi fred,

wondering if you have considered accounting for xsrf at all in this scheme?

regards, tony.

fnakstad commented 10 years ago

Hi Tony :) Optimally you should be using HTTPS to prevent session hijacking. The measure taken in the application as of now is simply setting a CSRF cookie using Express.
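Added example, not part of the thread and not the project's own code: a minimal cookie-to-header (double-submit) CSRF check of the kind a CSRF cookie is meant to support, written with Node built-ins only. It assumes AngularJS `$http`'s default names (`XSRF-TOKEN` cookie, `X-XSRF-TOKEN` header); the function names and the request objects are hypothetical.

```javascript
// Added example: double-submit CSRF check for an AngularJS client (assumed names).
const crypto = require('crypto');

const COOKIE_NAME = 'XSRF-TOKEN';    // cookie AngularJS $http reads by default
const HEADER_NAME = 'x-xsrf-token';  // header it echoes back (Node lowercases header names)
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Issue a random token. The cookie must be script-readable (no HttpOnly) so the
// client can copy it into the header; Secure keeps it off plain HTTP.
function issueCsrfCookie() {
  const token = crypto.randomBytes(32).toString('hex');
  return { token, setCookie: `${COOKIE_NAME}=${token}; Path=/; Secure; SameSite=Lax` };
}

// Parse a Cookie request header into a name -> value map.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Compare without leaking the position of the first mismatch.
function constantTimeEqual(a, b) {
  const x = Buffer.from(String(a));
  const y = Buffer.from(String(b));
  return x.length === y.length && crypto.timingSafeEqual(x, y);
}

// req is a hypothetical { method, headers } object shaped like Node's IncomingMessage.
// State-changing requests pass only if the header value matches the cookie value:
// a cross-site form post carries the cookie automatically but cannot set the header.
function csrfCheck(req) {
  if (SAFE_METHODS.has(req.method.toUpperCase())) return true;
  const cookieToken = parseCookies(req.headers.cookie)[COOKIE_NAME];
  const headerToken = req.headers[HEADER_NAME];
  if (!cookieToken || !headerToken) return false;
  return constantTimeEqual(cookieToken, headerToken);
}
```

Setting the cookie alone protects nothing; the server has to reject state-changing requests where `csrfCheck` returns false.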