jujudellago
PRO
said over 3 years ago
on
Cross-Origin Resource Sharing (CORS)
:
well I didn't plan anything like passing a cookie or JWT for this case, I assumed there would be an easy way to prevent external access..
the json calls are in the same app, I use them to populate some datatables, working as server side.
after some research I ended up replacing the GET by POST, added the csrf_token to the requests, and got the system secured
the json calls are in the same app, I use them to populate some datatables, working as server side.
after some research I ended up replacing the GET by POST, added the csrf_token to the requests, and got the system secured