XSRF Side Channel
2019-12-29, 11:50–11:55, Borg

Get requests to REST APIs are not protected against XSRF, this opens a side-channel to attackers able to read the network traffic.


Get requests to REST APIs are not protected against XSRF, this opens a side-channel to attackers able to read the network traffic. How to deal with this?