Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
jenya77712017-12-15 12:13:15
API
jenya7771, 2017-12-15 12:13:15

Do you need CSRF protection in the API?

Hello, I am making an API on nodeJs using the restify plugin, I use JWT for authorization. And I have a question: is it necessary to protect against such an attack in the API?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
I
Ilya Gerasimov, 2017-12-15
@Omashu

No, the jwt issued token already fulfills this function

Report
B
Boris Korobkov, 2017-12-15
@BorisKorobkov

No.
CSRF, as the name Cross Site Request Forgery implies, is only needed to check access from the site (from the browser) and protect against bots.
The API, as the name suggests, the Application Programming Interface, on the contrary, is designed for bots.

Report
A
Alexey Guest007, 2018-01-09
@Guest007

In this case, CORS is used to control access sources.

Similar questions
D
Denis Arkhipov2016-01-30 13:30:10
Roulette site on mongodb - empty pages after authorization in steam. What is it connected with? 2Reply
S
selfkilla6662020-06-21 06:38:37
How to get response from Aiogram user? 1Reply
N
Nick20152016-01-30 19:00:00
Private api or how to do it right? 1Reply
S
SANYAAAASSSS2018-06-14 15:04:18
Link to download avatars from instagram? 2Reply
I
Ilya Magdenko2020-06-22 12:53:22
Is it correct to make API JSON Body with optional keys? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question