Timeline for Should I use CSRF protection on Rest API endpoints?
Current License: CC BY-SA 4.0
4 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Aug 13, 2020 at 7:02 | comment | added | Dean Valentine | @peterh-ReinstateMonica Cute, but as I said in the post that's not what I meant. It's not uncommon you have a frontend sitting in front of the rest API with some endpoints that already perform mutative actions upon load, without requiring you to inject code into them. | |
| Aug 13, 2020 at 6:31 | comment | added | peterh | Wow, that is genial! So trivial, if a JS could be somehow injected into the target site, any session can be stolen. | |
| Aug 13, 2020 at 4:42 | review | Late answers | |||
| Aug 13, 2020 at 6:31 | |||||
| Aug 13, 2020 at 4:20 | history | answered | Dean Valentine | CC BY-SA 4.0 |