Potential issue with CSRF when using logged in based web api's

jmons / ramlwrap

Wrapping Raml around Django rest-api's

MIT License

8 stars 2 forks source link

Potential issue with CSRF when using logged in based web api's #14

Closed jmons closed 7 years ago

jmons commented 7 years ago

Matthew is helping us find some new ways of using RamlWrap when used with a web app (i.e. a session based login). Currently forced CSRF token exemption is one solution but how applicable is this?