Csrf prevention (!58) · Merge requests · Softweb Inc / beeMapsoftwebinc

roarusko requested to merge backend-csrf into staging Feb 14, 2021

Added simple csrf prevention to fix issue #5 (closed) :

The server generates a random, unique csrf token, stores it in the session and appends the token on the map and admin pages
The token is added to every POST, PUT and DELETE request inside 'x-csrf-token' header
Likewise, for every POST, PUT and DELETE request, the server checks that the token stored in the session matches the token from the header

Edited Feb 14, 2021 by roarusko

Csrf prevention