This repository has been archived by the owner. It is now read-only.

Add CSRF protection when using cookie authentication #177

Closed
rmccue opened this issue May 5, 2014 · 0 comments

rmccue commented May 5, 2014

In #37, we're removing Basic authentication. This leaves only cookie authentication (that is, built-in WP authentication) by default in the API, with other forms of authentication handled independently.

To avoid possible CSRF, we should check against a nonce field when using cookie authentication.
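
The check proposed in this issue, sketched as an added example (not code from the issue or from the WP-API project): a request authenticated only by a cookie must also carry a valid nonce field, while credentials from another authentication handler skip the check. A generic HMAC nonce bound to the session token stands in for WordPress's nonce functions; the `_nonce` field, `other_auth_user` key, secret and session store are assumptions made for the example.

```python
import hashlib
import hmac
from typing import Optional

SERVER_SECRET = b"constructed-demo-secret"  # constructed; a real deployment loads this from config
SESSIONS = {"s3ss10n-alice": "alice"}       # constructed session store: cookie value -> user


def make_nonce(session_token: str, action: str = "api") -> str:
    """Nonce the server embeds in pages it renders for the logged-in session."""
    msg = f"{action}|{session_token}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def authenticate(request: dict, sessions: dict = SESSIONS) -> Optional[str]:
    """Return the user the request may act as, or None for anonymous."""
    # Credentials from another auth handler are sent explicitly by the client,
    # not attached by the browser, so the nonce check does not apply to them.
    if request.get("other_auth_user"):
        return request["other_auth_user"]
    token = request.get("cookies", {}).get("session", "")
    user = sessions.get(token)
    if user is None:
        return None
    # Cookie auth: the browser also attaches the cookie to cross-site requests,
    # so require a value only a same-origin page could have read.
    supplied = str(request.get("params", {}).get("_nonce", ""))
    if not hmac.compare_digest(supplied.encode(), make_nonce(token).encode()):
        return None  # choice made in this example: downgrade to anonymous
    return user


def demo():
    cookies = {"session": "s3ss10n-alice"}
    with_nonce = {"cookies": cookies, "params": {"_nonce": make_nonce("s3ss10n-alice")}}
    without_nonce = {"cookies": cookies, "params": {"title": "x"}}  # cookie only
    return authenticate(with_nonce), authenticate(without_nonce)


if __name__ == "__main__":
    print(demo())
```

This nonce has no expiry and is tied only to the session token; a production scheme would also limit its lifetime.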
