toucan
CSRF and JWT
There is a CSRF prevention mechanism in the template, which adds a CSRF token to each request. But since this template uses JWT to authorize requests, why do we need the CSRF token? As I understand it, a CSRF attack is only possible when an app uses cookie-based authorization. But here we have an "Authorization" header on each request. Please forgive my ignorance if I don't understand something.
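Added illustration, not code from the post or from the template it asks about: a small model of why a CSRF token protects cookie-based sessions but is redundant when the server trusts only an explicit Authorization header. The token values, session id and requests are constructed placeholders; the point is which credentials a browser attaches to a cross-site form POST on its own.

```python
import hmac
import secrets

# Constructed server-side state (placeholders, not real credentials).
VALID_JWT = "eyJhbGciOiJIUzI1NiJ9.demo.sig"   # bearer token the client sends explicitly
SESSION_COOKIE = "sess-abc123"                 # session id the browser attaches itself
CSRF_TOKEN = secrets.token_hex(16)             # token embedded in the page for this session


def is_authenticated(request, mode):
    """mode='bearer': trust only an explicit Authorization header.
    mode='cookie': trust the session cookie the browser attaches automatically."""
    if mode == "bearer":
        auth = request.get("headers", {}).get("Authorization", "")
        return hmac.compare_digest(auth, f"Bearer {VALID_JWT}")
    sess = request.get("cookies", {}).get("session", "")
    return hmac.compare_digest(sess, SESSION_COOKIE)


def csrf_ok(request):
    token = request.get("form", {}).get("csrf_token", "")
    return hmac.compare_digest(token, CSRF_TOKEN)


def handle_transfer(request, mode, require_csrf):
    """State-changing endpoint: 401 if unauthenticated, 403 if the CSRF check fails."""
    if not is_authenticated(request, mode):
        return 401
    if require_csrf and not csrf_ok(request):
        return 403
    return 200


# Constructed requests. A cross-site form POST carries the victim's cookies
# automatically, but no Authorization header (only page script can set that)
# and no CSRF token (the other origin cannot read the page that holds it).
legit = {"headers": {"Authorization": f"Bearer {VALID_JWT}"},
         "cookies": {"session": SESSION_COOKIE},
         "form": {"csrf_token": CSRF_TOKEN, "amount": "100"}}
cross_site = {"headers": {},
              "cookies": {"session": SESSION_COOKIE},
              "form": {"amount": "100"}}


def demo():
    """Returns (legit status, cross-site status) for each server configuration."""
    return {
        "bearer_no_csrf": (handle_transfer(legit, "bearer", False), handle_transfer(cross_site, "bearer", False)),
        "cookie_no_csrf": (handle_transfer(legit, "cookie", False), handle_transfer(cross_site, "cookie", False)),
        "cookie_with_csrf": (handle_transfer(legit, "cookie", True), handle_transfer(cross_site, "cookie", True)),
    }
```

The check that decides the answer is where the server reads the JWT from: if the template accepts the token from a cookie as well as from the Authorization header, the "cookie" rows apply and the CSRF token is still doing real work.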