Doubts, API Restfull x Angular x CSRF

1

I'm developing an application, in the backend I'm developing a Restful in PHP, and in the front, Angular.

I have a simple question about CSRF protection: Do I need to protect against CSRF?

If yes, how can I make it fully stateless?

    
asked by anonymous 10.11.2017 / 21:30

1 answer

2
  

Is it necessary to protect against CSRF?

I understand that any system where you use Cross-site Request Forgery protection is to avoid requests coming from source or forms not expected by the application. Therefore, we can only determine if it is necessary depending on the sensitivity of the data and the operations made in its application.

It was not clear that you intend to use CSRF protection, but I'd like you to take a look at the answer to this question on the site to help you better understand how to use CSRF:

What is CSRF attack and what damage can it cause?

I see that you are concerned about protection.

You may wonder if your backend will have some kind of protection, such as using some kind of specific authentication (Like regular form logins, OAuth , # and the like).

    

11.11.2017 / 03:51