by benmmurphy 1503 days ago
Blind CSRF should be protected at the application level by CSRF tokens. I don’t think I can come up with a situation where using Tailscale auth + CSRF tokens puts you in a worse situation than just using CSRF tokens. Obviously, if you don’t use CSRF tokens you have a problem, but you have a problem even if you don’t use this Tailscale auth.