understanding-csrf
Update "Use only JSON API"
As you can read here: http://security.stackexchange.com/questions/10227/csrf-with-json-post, JSON APIs are still vulnerable to CSRF if you are not checking the content type.
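One way to implement the content-type check the description refers to, as an added example that is not part of this PR or the repository's own code: a gate that lets state-changing requests reach the JSON parser only when the media type is exactly `application/json`. The function names, the `{ method, headers }` request shape and the sample requests are assumptions made for illustration.

```javascript
// Added example: strict Content-Type gate in front of a JSON body parser.
// Media types a cross-origin HTML form (or a no-preflight request) can send.
const FORM_SENDABLE = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);
const STATE_CHANGING = new Set(['POST', 'PUT', 'PATCH', 'DELETE']);

// Return the bare media type of a Content-Type value, without parameters.
function mediaType(headerValue) {
  if (typeof headerValue !== 'string') return '';
  return headerValue.split(';')[0].trim().toLowerCase();
}

// Decide whether a request may reach the JSON parser.
// `req` is a hypothetical { method, headers } object with lowercase header
// names, the shape Node's http module produces.
function checkJsonRequest(req) {
  const method = String(req.method || '').toUpperCase();
  if (!STATE_CHANGING.has(method)) {
    return { allowed: true, status: null, reason: 'non-state-changing method' };
  }
  const type = mediaType((req.headers || {})['content-type']);
  if (type === 'application/json') {
    return { allowed: true, status: null, reason: 'json' };
  }
  // Anything else is refused with 415 before the body is parsed.
  const reason = type === '' ? 'missing content type'
    : FORM_SENDABLE.has(type) ? 'form-sendable content type'
    : 'unsupported content type';
  return { allowed: false, status: 415, reason };
}

// Constructed sample requests (not taken from the PR).
const SAMPLES = [
  { method: 'POST', headers: { 'content-type': 'application/json; charset=utf-8' } },
  { method: 'POST', headers: { 'content-type': 'text/plain' } },
  { method: 'POST', headers: { 'content-type': 'text/plain; application/json' } },
  { method: 'DELETE', headers: {} },
  { method: 'GET', headers: {} },
];

// Run the gate over the samples and collect the decision reasons.
function runSamples() {
  return SAMPLES.map((req) => checkJsonRequest(req).reason);
}
```

The gate only helps if the parser behind it never decodes JSON from a body labelled with another type, and it assumes non-state-changing methods such as GET have no side effects.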
Not sure why no comments on this PR. But this PR doesn't clear the confusion and is succinctly to the point.
Thanks