I am making a CMS and I have a CSRF protection in settings, new article. Should I also put this protection in the logout ?
Asked
Active
Viewed 634 times
1 Answers
1
Short answer: yes.
Longer answer: You should have CSRF protection EVERYWHERE where you do something which requires the permission of the current logged in user and is changing some data.
SleepProgger
- 590
- 3
- 10