Firebase backend to receive a user idToken and authenticate via Django REST Framework 'authentication.BaseAuthentication'. Optionally, a new local user can be created in the process.
MIT License
Should I use CSRF sessionauthentication with drf-firebase-auth? #29
I am currently using drf-firebase-auth with vue.js and I don't know if I should implement CSRF with Djangorestframework. Should I look into how to do it? And should I be concerned or not if I am not using it? I don't know too much about security, and I don't want to leave a vulnerability in my website. I checked the following explanation and it says:
TokenAuthentication. This requires clients to pass a token in the Authorization header of each request. This is the kind of authentication you should use for most client-server setups, like a mobile app or desktop app consuming your API.
This kind of auth doesn’t require CSRF protection. The token isn’t stored in a cookie, so it doesn’t get sent automatically by your browser, which means it can’t cause CSRF vulnerabilities.
What's your opinion on this?
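Added example, not from the drf-firebase-auth project or this issue: two Django REST Framework settings fragments that show when DRF actually enforces CSRF. The class path drf_firebase_auth.authentication.FirebaseAuthentication is assumed from the project's README; the DRF class names are the framework's own.

```python
# Added example: Django settings fragments showing when DRF enforces CSRF.
# Assumption: drf-firebase-auth exposes its authentication class as
# drf_firebase_auth.authentication.FirebaseAuthentication (per its README).

# Variant A: token-only API, as called from a Vue.js single-page app.
# The Firebase ID token travels in the Authorization header. Browsers never
# attach that header on their own, so a cross-site request arrives without
# credentials and cannot act as the user. DRF runs no CSRF check here: the
# only built-in class that calls enforce_csrf() is SessionAuthentication.
REST_FRAMEWORK_TOKEN_ONLY = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "drf_firebase_auth.authentication.FirebaseAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}

# Variant B: the same API with SessionAuthentication also enabled (commonly
# added for the browsable API or a Django admin login). A Django session
# cookie IS sent automatically by the browser, so DRF enforces the CSRF check
# on every session-authenticated unsafe request (POST/PUT/PATCH/DELETE); a
# browser client logged in this way must send the X-CSRFToken header.
# DRF tries classes in order, so a request that authenticates with the
# Firebase token never reaches SessionAuthentication and is unaffected.
REST_FRAMEWORK_WITH_SESSIONS = {
    "DEFAULT_AUTHENTICATION_CLASSES": [
        "drf_firebase_auth.authentication.FirebaseAuthentication",
        "rest_framework.authentication.SessionAuthentication",
    ],
    "DEFAULT_PERMISSION_CLASSES": [
        "rest_framework.permissions.IsAuthenticated",
    ],
}

# REST_FRAMEWORK is the setting name Django REST Framework reads; choose the
# variant that matches how your clients actually authenticate.
REST_FRAMEWORK = REST_FRAMEWORK_TOKEN_ONLY
```

If you keep Variant A and never rely on session cookies for API calls, the quoted explanation applies: there is no cookie for a cross-site page to ride on, so no CSRF token is needed.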