implement some CSRF protection
Description
Currently, external pages can make calls to all our endpoints with the access of the current logged-in account.
Goal
detect these requests and block them!
Possible Solutions
- XSRF Cookie
- Referer checks
Links / references
Edited by Chris Oelmueller
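
The two options listed under Possible Solutions, combined into one framework-independent request check. This is an added example, not part of the original issue or the project's code; the cookie and header names, the trusted origin and all function names are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}   # must never change server state
TRUSTED_ORIGINS = {"https://app.example"}   # assumed: the site's own origin
COOKIE_NAME = "XSRF-TOKEN"                  # assumed cookie name
HEADER_NAME = "x-xsrf-token"                # assumed header, compared lowercased


def new_token() -> str:
    """Random value set as a cookie at login; the site's own script
    reads it and echoes it back in HEADER_NAME on every request."""
    return secrets.token_urlsafe(32)


def origin_of(url: str):
    """Reduce a URL to scheme://host[:port]; None if it is not absolute."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return None
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(method: str, headers: dict, cookies: dict) -> tuple:
    """Return (allowed, reason) for one incoming request."""
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    h = {k.lower(): v for k, v in headers.items()}

    # Referer check: prefer Origin, fall back to Referer. A missing value,
    # "null", or a look-alike host all fail the exact-match comparison.
    source = h.get("origin") or h.get("referer")
    if source is None or origin_of(source) not in TRUSTED_ORIGINS:
        return False, "untrusted or missing Origin/Referer"

    # XSRF cookie (double submit): the browser attaches the cookie to
    # cross-site requests automatically, but an external page cannot read
    # it, so it cannot supply the matching header.
    cookie = cookies.get(COOKIE_NAME, "")
    header = h.get(HEADER_NAME, "")
    if not cookie or not hmac.compare_digest(cookie.encode(), header.encode()):
        return False, "XSRF token mismatch"
    return True, "ok"
```

The check only protects endpoints whose state-changing actions are never reachable through the safe methods, since those are passed through unchecked.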