Doubt, API Restfull x Angular x CSRF

Asked

Viewed 98 times

1

I am developing an application, in the backend I am developing a Restful in PHP, and in the front, Angular.

I have a simple question about CSRF protection: It is necessary to protect against CSRF?

If yes, how can I make her totally stateless?

1 answer

2

It is necessary to protect against CSRF?

I understand that any system where you use a protection against the Cross-site Request Forgery is to avoid requests coming from source or forms not expected by the application. Therefore, we can only determine if it is necessary depending on the sensitivity of the data and the operations done in your application.

It was unclear what the intention was to use CSRF protection, but I would like you to take a look at the answer to this question asked here on the site to help you better understand about using CSRF:

What is CSRF attack and what damage it can cause?

I see you’re worried about protection.

Maybe you might wonder if your backend is going to have some kind of protection, like using some kind of specific authentication (like common form logins, Oauth, JWT and the like).

  • Just out of curiosity, I’ll leave this link here https://answall.com/questions/254503/o-que%C3%A9-basic-auth

Browser other questions tagged

You are not signed in. Login or sign up in order to post.