Friday, 21 August 2020

Read-only API (except login) using cookies for sessions. Do I need CSRF protection?

If a logged-in user cannot change the state of the app through any endpoint, nor will they be able to ever, is it worth spending any time on CSRF protection?

Submitted August 21, 2020 at 08:57PM by YungSparkNote
