by steakejjs
4239 days ago
You'll notice a lot of people just have an X-CSRF.* header (Stripe for example if you want to check one out). In my opinion you might as well just go the full 9 and actually implement an anti-CSRF solution instead of a quick hack. x-Requested-By works but your webapp can be built in a way that things like insecure redirects fool your app. The best solution is just to use tokens.
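The header-presence check and the token approach contrasted in the comment above, as an added example that is not part of the original post. The `X-CSRF-Token` header name, the HMAC construction, the session ids and the plain-dict header lookup are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def _mac(session_id: str, nonce: str) -> str:
    # Length-prefix the nonce so (nonce, session_id) pairs cannot collide.
    msg = f"{len(nonce)}:{nonce}:{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id: str) -> str:
    """Token bound to one session: random nonce plus a MAC over (nonce, session)."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def token_is_valid(session_id: str, token: str) -> bool:
    """Recompute the MAC for the caller's session and compare in constant time."""
    nonce, sep, mac = (token or "").partition(".")
    if not sep or not nonce or not mac:
        return False
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def header_only_check(headers: dict) -> bool:
    """The quick hack: any request carrying the header at all is accepted."""
    return "X-Requested-By" in headers


def token_check(session_id: str, headers: dict) -> bool:
    """The token approach: the header value must verify against this session."""
    # "X-CSRF-Token" is a hypothetical header name chosen for this example.
    return token_is_valid(session_id, headers.get("X-CSRF-Token", ""))
```

The header-only check passes on presence alone, whatever the value, while the token check rejects a missing token, a malformed one, and a valid token issued to a different session.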