Add CSRF protection when using cookie authentication #177

rmccue opened this Issue May 5, 2014 · 0 comments



rmccue commented May 5, 2014

In #37, we're removing Basic authentication. This leaves only cookie authentication (that is, built-in WP authentication) by default in the API, with other forms of authentication handled independently.

To avoid possible CSRF, we should check against a nonce field when using cookie authentication.

@rmccue rmccue added this to the 1.0 milestone May 5, 2014
@rmccue rmccue self-assigned this May 5, 2014
@rachelbaker rachelbaker closed this in #180 May 15, 2014
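
A minimal sketch of the check proposed in this issue, added here as an illustration; it is not WP-API's code and does not use WordPress functions. The secret, the `api` action name, the request array keys and all function names are assumptions made for the example.

```php
<?php
// Added example: the secret, names and sample requests are all constructed.
const NONCE_SECRET = 'constructed-server-side-secret';
const NONCE_WINDOW = 43200; // seconds per time window

// The nonce is an HMAC over (time window, action, user id, session), so it
// cannot be reused for another user or session and expires on its own.
function make_nonce(int $user_id, string $session, string $action, ?int $now = null): string {
    $tick = intdiv($now ?? time(), NONCE_WINDOW);
    return hash_hmac('sha256', "$tick|$action|$user_id|$session", NONCE_SECRET);
}

function verify_nonce(string $nonce, int $user_id, string $session, string $action, ?int $now = null): bool {
    $now = $now ?? time();
    // Accept the current and the previous window so a nonce survives a boundary.
    foreach ([0, NONCE_WINDOW] as $age) {
        if (hash_equals(make_nonce($user_id, $session, $action, $now - $age), $nonce)) {
            return true;
        }
    }
    return false;
}

// Returns the user id the request may act as; 0 means "treat as anonymous".
// 'verified_token_user' stands for a separate, already-verified auth handler (hypothetical).
function resolve_api_user(array $request, array $sessions): int {
    if (isset($request['verified_token_user'])) {
        return $request['verified_token_user']; // not cookie auth: no nonce needed
    }
    $session = $request['cookie'] ?? '';
    $user_id = $sessions[$session] ?? 0;
    if ($user_id === 0) {
        return 0;
    }
    // The browser attaches the cookie to cross-site requests automatically;
    // the nonce is what a forged request cannot supply.
    $nonce = $request['nonce'] ?? '';
    return verify_nonce($nonce, $user_id, $session, 'api') ? $user_id : 0;
}

$sessions   = ['sess-abc' => 7]; // constructed session store
$with_nonce = ['cookie' => 'sess-abc', 'nonce' => make_nonce(7, 'sess-abc', 'api')];
$forged     = ['cookie' => 'sess-abc']; // cookie only, as in a cross-site request
var_dump(resolve_api_user($with_nonce, $sessions));
var_dump(resolve_api_user($forged, $sessions));
```

The request that carries only the cookie resolves to the anonymous user rather than to the logged-in one, which is the behaviour the nonce check is meant to enforce.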