Class | Rack::Protection::JsonCsrf |
In: |
lib/rack/protection/json_csrf.rb
|
Parent: | Base |
Prevented attack: | CSRF |
Supported browsers: | all |
More infos: | flask.pocoo.org/docs/security/#json-security |
JSON GET APIs are vulnerable to being embedded as JavaScript while the Array prototype has been patched to track data. Checks the referrer even on GET requests if the content type is JSON.
deny | -> | react |