Skip to content

Security: Add CSRF protection to API routes #132

Description

@LaGodxy

Summary

The API routes lack CSRF protection.

Implementation

  • CSRF token generation on session start
  • Token validation middleware
  • SameSite cookie attribute
  • Origin header validation
  • Double-submit cookie pattern

Metadata

Metadata

Assignees

Labels

Stellar WaveIssues in the Stellar wave programsecuritySecurity issue or hardening opportunity

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions