This repository has been archived by the owner on Sep 24, 2018. It is now read-only.

Add CSRF protection when using cookie authentication #177

Closed
rmccue opened this issue May 5, 2014 · 0 comments

rmccue commented May 5, 2014

In #37, we're removing Basic authentication. This leaves only cookie authentication (that is, built-in WP authentication) by default in the API, with other forms of authentication handled independently.

To avoid possible CSRF, we should check against a nonce field when using cookie authentication.
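
An illustration of the check proposed above, added here and not taken from the comment or from the WP-API code base: a cookie-authenticated request is honoured only when it also carries a nonce bound to that user's session, while requests authenticated some other way skip the check. All function names, the HMAC construction, the 12-hour window and the choice to treat a failed check as unauthenticated are assumptions made for the example.

```php
<?php
// Added illustration, not WP-API code. Every name below is hypothetical.
const NONCE_LIFETIME = 43200; // assumed validity window, in seconds

// Nonce = HMAC over time window, user and session token, keyed with a server secret.
function make_nonce(string $secret, int $userId, string $session, ?int $now = null): string
{
    $tick = intdiv($now ?? time(), NONCE_LIFETIME);
    return hash_hmac('sha256', "$tick|api|$userId|$session", $secret);
}

// Accept a nonce minted in the current or previous window; compare in constant time.
function verify_nonce(string $secret, int $userId, string $session, string $nonce, ?int $now = null): bool
{
    $now = $now ?? time();
    foreach ([0, NONCE_LIFETIME] as $age) {
        if (hash_equals(make_nonce($secret, $userId, $session, $now - $age), $nonce)) {
            return true;
        }
    }
    return false;
}

// Returns the user ID the request may act as; 0 means unauthenticated.
// $cookieUser: ID resolved from the login cookie (0 if none).
// $otherUser: ID resolved by a non-cookie scheme (0 if none).
function resolve_user(string $secret, int $cookieUser, string $session, ?string $nonce, int $otherUser = 0): int
{
    if ($otherUser !== 0) {
        return $otherUser; // assumed: credential is not attached by the browser on its own
    }
    if ($cookieUser === 0 || $nonce === null) {
        return 0; // a cookie alone is never enough
    }
    return verify_nonce($secret, $cookieUser, $session, $nonce) ? $cookieUser : 0;
}

// Constructed sample values.
$secret  = 'constructed-server-secret';
$session = 'constructed-session-token';
$nonce   = make_nonce($secret, 7, $session);

var_dump(resolve_user($secret, 7, $session, $nonce));   // cookie plus nonce read from the site's own page
var_dump(resolve_user($secret, 7, $session, null));     // cookie only, as a cross-site form post would send
var_dump(resolve_user($secret, 7, $session, 'guess'));  // cookie plus a nonce the sender could not derive
var_dump(resolve_user($secret, 0, '', null, 9));        // non-cookie authentication, no nonce required
```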
