partidodev / partido-server

Java based server and API for Partido - a platform independent tool to split and share expenses in groups.
https://partido.rocks
MIT License

Improve security by using XSRF token #51

Open jljabben opened 2 years ago

jljabben commented 2 years ago

Tracking issue for:

Guide: https://www.baeldung.com/csrf-stateless-rest-api#enable-csrf-protection-with-rest-api

jljabben commented 2 years ago

At first, the partido client should be made ready to read the XSRF-TOKEN cookie and send the token in every request in an appropriate header: partidodev/partido-client#30
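The client-side step described in the comment above, sketched as an added example that is not part of this issue and is not code from partido-client. It assumes the server expects the token in the `X-XSRF-TOKEN` header (the default of Spring Security's `CookieCsrfTokenRepository`); the function names, origin and cookie values are hypothetical.

```javascript
// Added illustration; function names are hypothetical, not partido-client code.
// Assumption: the server reads the token from the X-XSRF-TOKEN header,
// the default header name of Spring Security's CookieCsrfTokenRepository.
const CSRF_COOKIE = 'XSRF-TOKEN';
const CSRF_HEADER = 'X-XSRF-TOKEN';

// Extract one cookie value from a document.cookie style string.
// Names are compared exactly, so "NOT-XSRF-TOKEN" never matches.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) {
      const raw = part.slice(eq + 1).trim();
      try { return decodeURIComponent(raw); } catch (e) { return raw; }
    }
  }
  return null;
}

// Return a copy of `headers` carrying the current token for requests to the API.
function withCsrfHeader(url, headers, cookieString, apiOrigin) {
  const out = Object.assign({}, headers);
  // Drop any caller-supplied copy so a stale value is never sent.
  for (const key of Object.keys(out)) {
    if (key.toLowerCase() === CSRF_HEADER.toLowerCase()) delete out[key];
  }
  // Attach the token only for the API's own origin, so it is not
  // disclosed to any other host the client happens to call.
  if (new URL(url, apiOrigin).origin !== new URL(apiOrigin).origin) return out;
  const token = readCookie(cookieString, CSRF_COOKIE);
  if (token) out[CSRF_HEADER] = token;
  return out;
}

// Constructed sample values, for illustration only.
const sampleCookies = 'theme=dark; XSRF-TOKEN=5f2c-constructed-token';
const api = 'https://api.example.test';
console.log(withCsrfHeader('/bills', { Accept: 'application/json' }, sampleCookies, api));
```

The cookie has to be readable by the client for this to work, so it cannot be set `HttpOnly`; the check on the server is that the header value matches the token it issued.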