How can we defend against CSRF attacks on the APIs which are exposed on Apigee?
Domain-level restriction can be added in CORS, but what about APIs? Any suggestions?
<Header name="Access-Control-Allow-Origin">allowed-domain-only</Header>
You can verify the Origin header on the request side.
I am looking for some other suggestions for APIs; we are already covering that, and the same is highlighted in the question itself.
OK, then try clearing the cookies for each request and resubmitting the cookies again.
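
The Origin check suggested in the thread above, written out as an added example (not code from the thread or from Apigee) to show the edge cases: an opaque `null` origin, Referer fallback, default ports and look-alike hosts. The allowlist entry `https://app.example.com`, the function names and the `csrf.allow` variable are assumptions, and it assumes the API is called only by browsers using cookie authentication.

```javascript
// Added example: strict Origin/Referer check for state-changing API calls.
// ES5 only (no URL class), the style a proxy JavaScript policy expects.
var ALLOWED_ORIGINS = ['https://app.example.com']; // constructed allowlist
var SAFE_METHODS = { GET: true, HEAD: true, OPTIONS: true };

// Reduce an Origin or Referer value to "scheme://host[:port]", else null.
function toOrigin(value) {
  if (value === null || value === undefined) return null;
  // "@" is excluded from the host so "https://good@evil/" never parses as good.
  var m = /^(https?):\/\/([^\/?#@\s]+)(?:[\/?#]|$)/i.exec(String(value).trim());
  if (!m) return null;
  var scheme = m[1].toLowerCase();
  var host = m[2].toLowerCase();
  // Drop the default port so "https://a:443" compares equal to "https://a".
  if ((scheme === 'https' && /:443$/.test(host)) ||
      (scheme === 'http' && /:80$/.test(host))) {
    host = host.replace(/:\d+$/, '');
  }
  return scheme + '://' + host;
}

// Decide whether a request may proceed. Returns { allow, reason }.
function checkRequestOrigin(method, originHeader, refererHeader) {
  if (SAFE_METHODS[String(method).toUpperCase()] === true) {
    return { allow: true, reason: 'safe-method' };
  }
  // Fall back to Referer only when Origin is absent, never when it is
  // present but opaque ("null"), e.g. from a sandboxed frame.
  var hasOrigin = originHeader !== null && originHeader !== undefined &&
      String(originHeader) !== '';
  var origin = toOrigin(hasOrigin ? originHeader : refererHeader);
  if (!origin) return { allow: false, reason: 'no-valid-origin' };
  // Exact match only: a suffix or substring test would accept
  // "https://app.example.com.evil.example".
  if (ALLOWED_ORIGINS.indexOf(origin) === -1) {
    return { allow: false, reason: 'origin-not-allowed' };
  }
  return { allow: true, reason: 'origin-allowed' };
}

// In an Apigee JavaScript policy `context` exists; elsewhere this is skipped.
if (typeof context !== 'undefined') {
  var verdict = checkRequestOrigin(
    context.getVariable('request.verb'),
    context.getVariable('request.header.origin'),
    context.getVariable('request.header.referer'));
  // "csrf.allow" is a hypothetical flow variable for a later fault condition.
  context.setVariable('csrf.allow', verdict.allow);
}
```

A non-GET request that carries neither header is rejected, which fits cookie-authenticated browser traffic but would block token-authenticated server-to-server callers.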