[security-dev] CSRF and json

Bill Burke bburke at redhat.com
Mon May 5 18:55:44 EDT 2014

If you have a JSON based web-service is it still vulnerable to CSRF 
requests?  CORS should be one protection.  For cross domain FORM posts, 
if the json service checks the media type for application/json it should 
abort the request, correct?

Bill Burke
JBoss, a division of Red Hat

More information about the security-dev mailing list