Open srflaxu40 opened 5 years ago
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Synchronizer_.28CSRF.29_Tokens
http://scottksmith.com/blog/2014/09/04/simple-steps-to-secure-your-express-node-application/
Add to forms so user sessions are defined by CSRF security tokens and JWTs.
CSRF tokens should be used in any state-altering method, as opposed to JWT, which is for any API call.
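The synchronizer-token check this issue asks for, as an added example that is not code from this repository or the linked posts. The `_csrf` form field, the `x-csrf-token` header, the `req.session` shape and the `check` helper are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Methods that must not alter state are exempt from the token check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Issue one random token per session; it is stored server-side only.
function issueCsrfToken(session) {
  if (!session.csrfToken) {
    session.csrfToken = crypto.randomBytes(32).toString("hex");
  }
  return session.csrfToken;
}

// Hidden field to render into every form (field name is an assumption).
function csrfField(session) {
  return `<input type="hidden" name="_csrf" value="${issueCsrfToken(session)}">`;
}

// Constant-time comparison. Missing values never match, and lengths are
// checked first because timingSafeEqual throws on unequal lengths.
function tokensMatch(expected, submitted) {
  if (typeof expected !== "string" || typeof submitted !== "string") return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(submitted);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Express-style middleware: reject state-altering requests without the token.
function csrfProtection(req, res, next) {
  if (SAFE_METHODS.has(req.method)) return next();
  const submitted = (req.body && req.body._csrf) || req.headers["x-csrf-token"];
  const expected = req.session && req.session.csrfToken;
  if (!tokensMatch(expected, submitted)) {
    res.statusCode = 403;
    return res.end("invalid CSRF token");
  }
  return next();
}

// Hypothetical helper: run the middleware on a constructed request object.
function check(method, session, body, headers = {}) {
  const res = { statusCode: 200, end() {} };
  let passed = false;
  csrfProtection({ method, session, body, headers }, res, () => { passed = true; });
  return { passed, status: res.statusCode };
}
```
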