This would be a good step to protect it. I've noticed some actions don't require the password authentication, which could be used by a CSRF attack to do something you don't want.
You are viewing a single comment's thread from:
This would be a good step to protect it. I've noticed some actions don't require the password authentication, which could be used by a CSRF attack to do something you don't want.