Currently, the API endpoints have the CSRF check disabled. This is not ideal, as it would in general allow for CSRF attacks.
This is not too critical, as we do not have any endpoints of type `GET` that change any data. As a result, just clicking a wrong link (which will be opened via a `GET` command) should not pose a high security issue.
We should nevertheless solve this soon. In particular, the 3rd party apps need to be notified of upcoming changes.
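One way the re-enabled check could be scoped, as an added example that is not the project's code: safe methods pass, cookie-session requests with an unsafe method need a matching token, and clients that send no session cookie are left alone. The cookie name, header name and function names are hypothetical, and the sample requests are constructed.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # must never change data
SESSION_COOKIE = "session"                 # hypothetical cookie name
TOKEN_HEADER = "x-csrf-token"              # hypothetical header name


def new_csrf_token() -> str:
    """Random per-session token, stored server-side with the session."""
    return secrets.token_urlsafe(32)


def csrf_decision(method, headers, cookies, session_token):
    """Return (allowed, reason) for one API request.

    headers: dict with lower-cased names; cookies: dict of cookie values;
    session_token: token stored for the cookie's session, or None.
    """
    if method.upper() in SAFE_METHODS:
        # Only sound while no safe-method endpoint changes data.
        return True, "safe-method"
    if SESSION_COOKIE not in cookies:
        # Assumption: such clients authenticate with credentials they attach
        # explicitly per request, so there is no browser session to ride on.
        return True, "no-cookie-session"
    sent = headers.get(TOKEN_HEADER, "")
    if not session_token or not sent:
        return False, "missing-token"
    # Constant-time comparison of the presented and stored token.
    if not hmac.compare_digest(sent.encode(), session_token.encode()):
        return False, "token-mismatch"
    return True, "token-ok"


if __name__ == "__main__":
    token = new_csrf_token()
    browser = {SESSION_COOKIE: "constructed-session-id"}
    samples = [  # constructed requests
        ("GET", {}, browser),
        ("POST", {}, browser),
        ("POST", {TOKEN_HEADER: token}, browser),
        ("PUT", {"authorization": "Bearer constructed"}, {}),
    ]
    for method, headers, cookies in samples:
        print(method, csrf_decision(method, headers, cookies, token))
```

The "no-cookie-session" branch is the part that decides how much third-party apps have to change, so it should be checked against how those apps actually authenticate.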