Improve security by using XSRF token

partidodev / partido-server

Java based server and API for Partido - a platform independent tool to split and share expenses in groups.

https://partido.rocks

MIT License

1 stars 1 forks source link

Improve security by using XSRF token #51

Open jljabben opened 2 years ago

jljabben commented 2 years ago

Tracking issue for:

[ ] https://github.com/partidodev/partido-server/security/code-scanning/1

Guide: https://www.baeldung.com/csrf-stateless-rest-api#enable-csrf-protection-with-rest-api

jljabben commented 2 years ago

At first, the partido client should be made ready to read the XSRF-TOKEN cookie and send the token in every request in an appropiate header: partidodev/partido-client#30