Implement CSRF protection
CSRF protection is currently disabled. We need to implement a CSRF filter on the backend and ensure the appropriate headers / params are filled in on the frontend.
#7 Updated by Radek Tomiška 2 months ago
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
We are using stateless REST => no cookies are used => CSRF protection is not required.
We are using browser localStorage to store persistent frontend settings, which can be vulnerable to XSS attacks => we are using escaping and DOMPurify (an XSS sanitizer for HTML) on user inputs to prevent these types of attacks.
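The reasoning in the comment above, as an added example that is not part of the issue or the project's code: a stateless API that authenticates only from an Authorization header the SPA builds from localStorage cannot be driven by a forged cross-site request, because the browser attaches cookies on its own but never a custom header; the escaper at the end covers the "escaping" half. All names, the token and the cookie value are constructed for the example.

```javascript
// Backend side (hypothetical): a stateless REST endpoint authenticates
// ONLY from the Authorization header. Cookies are ignored entirely, so
// nothing the browser adds automatically can authenticate a request.
const VALID_TOKENS = new Set(['tok-abc123']); // constructed sample token

function authenticate(headers) {
  const auth = headers['authorization'] || '';
  const m = /^Bearer (\S+)$/.exec(auth);
  if (!m || !VALID_TOKENS.has(m[1])) {
    return { ok: false, status: 401 };
  }
  return { ok: true, status: 200 };
}

// Frontend side: the SPA reads the token from localStorage and sets the
// header itself on every call. Another origin cannot read this storage,
// so it cannot construct the header.
function buildFrontendRequest(storage) {
  return { headers: { authorization: `Bearer ${storage.getItem('token')}` } };
}

// A forged cross-site request (for example an auto-submitted form) only
// carries what the browser attaches on its own: cookies, never a custom
// header. With no cookie-based session on the backend, it is rejected.
function buildForgedRequest() {
  return { headers: { cookie: 'JSESSIONID=deadbeef' } }; // constructed
}

// Stand-in for window.localStorage so the example runs outside a browser.
const fakeStorage = { getItem: k => (k === 'token' ? 'tok-abc123' : null) };

// Escaping for the XSS half: when user input is rendered as text, encode
// the characters that would otherwise start markup or break attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

console.log(authenticate(buildFrontendRequest(fakeStorage).headers).status); // 200
console.log(authenticate(buildForgedRequest().headers).status);             // 401
console.log(escapeHtml('<script>x</script>')); // &lt;script&gt;x&lt;/script&gt;
```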