Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
J
J
jenya77712017-12-15 12:13:15
API
jenya7771, 2017-12-15 12:13:15

Do you need CSRF protection in the API?

Hello, I am making an API on nodeJs using the restify plugin, I use JWT for authorization. And I have a question: is it necessary to protect against such an attack in the API?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

3 answer(s)
Report
I
Ilya Gerasimov, 2017-12-15
@Omashu

No, the jwt issued token already fulfills this function

Report
B
Boris Korobkov, 2017-12-15
@BorisKorobkov

No.
CSRF, as the name Cross Site Request Forgery implies, is only needed to check access from the site (from the browser) and protect against bots.
The API, as the name suggests, the Application Programming Interface, on the contrary, is designed for bots.

Report
A
Alexey Guest007, 2018-01-09
@Guest007

In this case, CORS is used to control access sources.

Similar questions
D
dmitriev_romka2020-04-16 12:48:07
Request data from instagram via ID? 2Reply
I
Igor Myasnikov2018-02-02 01:04:18
How to translate data received via Json to another language? 0Reply
S
Shmel_02011-02-24 13:09:38
Mail.ru API: How to change the default "Sign in with Mail.ru" button? 2Reply
D
D1va2021-06-11 13:12:02
How to fix or change GET request correctly for API? 1Reply
D
dimonuzzz2015-09-30 16:02:22
How to upload an image to the vk server via a link? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question