This repository has been archived by the owner on Jan 24, 2020. It is now read-only.
CSRF and JWT #29
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
There is a CSRF prevention mechanism on the template, which adds CSRF token to each request. But since this template use JWT to authorize requests then why we need the CSRF token? As I understand CSRF attack is only possible when an app uses cookies based authorization. But here we have "Authorise" header on each request.
Please, forgive me my ignorance if I don't understand something.
The text was updated successfully, but these errors were encountered: