0

In sum, if I am able to add a custom header to a request that allows disabling the CSRF check, will the endpoint be vulnerable to a CSRF attack?

I'm a bit lost. The custom header is something like X-SKIP-CSRF: YES.

Sim

1 Answer

0

I think there's a whole conversation about custom headers here:

CSRF protection with custom headers (and without validating token)

Hope it helps.