  1. CloverDX
  2. CLO-19696

API CSRF protection

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: rel-5-8-0
    • Component/s: None
    • Security Level: Users (General product issues)

      Description

      Our new API is 'vulnerable' to CSRF exploits.

       

      Implementing the same mechanism as the Simple HTTP API would be too annoying for users IMO.

      Can we come up with something better?

      https://mathieu.fenniak.net/is-your-web-api-susceptible-to-a-csrf-exploit/

            People

            Assignee:
            trnkaj Jiri Trnka
            Reporter:
            salamonp Pavel Salamon