[security-dev] CSRF and json

Monday, 5 May 2014

If you have a JSON based web-service is it still vulnerable to CSRF 
requests?  CORS should be one protection.  For cross domain FORM posts, 
if the json service checks the media type for application/json it should 
abort the request, correct?

-- 
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

[security-dev] CSRF and json