|
|
|
|
|
|
by brokegrammer
245 days ago
|
|
|
True, it does seem like Rails introduced configuration-free token based CSRF protection, which "solved" CSRF for traditional server rendered apps. I believe the new technique is easier to use for SPA architectures because you no longer need to extract the token from a cookie before adding it to request headers. |
|
|