by nchmy
248 days ago
Yes, I assumed this is what they were ignorantly pointing towards. Indeed, CSRF tokens are an ancient concept. WordPress, for example, introduced nonces a couple years before Rails. Though, it does appear that Rails might have been the first to introduce CSRF protection in a seemingly automated way.

I believe the new technique is easier to use for SPA architectures because you no longer need to extract the token from a cookie before adding it to request headers.