Hi,
The content-type "multipart/form-data" is enabled by default for POST requests, besides application/json.
I don't want to disable it because I am using it for file uploads.
This is now a security issue, as this makes the API vulnerable to CSRF requests by changing the content type of queries.
See [https://owasp.org/www-community/attacks/csrf] for more information.
Is there a way to enable other content types besides application/json for specific actions like file upload?
Is there a plan to implement CSRF tokens?
I've attached an example (change the IP address to yours in the HTML):
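One way to accept multipart/form-data only on upload routes and require a trusted origin there, as an added example that is not part of the original issue or of the project's code. The upload route, the trusted origin and every function name are assumptions; the request shape (lower-cased header names) follows Node's `http` module.

```javascript
// Added example: hypothetical, framework-agnostic request gate.
const TRUSTED_ORIGINS = new Set(["https://app.example.test"]); // constructed value
const MULTIPART_ROUTES = new Set(["/api/upload"]);              // hypothetical upload route
const UNSAFE_METHODS = new Set(["POST", "PUT", "PATCH", "DELETE"]);

// Media type without parameters, lower-cased ("" when the header is absent).
function mediaType(contentType) {
  return String(contentType || "").split(";")[0].trim().toLowerCase();
}

// Origin of the caller: Origin header first, Referer as a fallback, null if neither parses.
function sourceOrigin(headers) {
  if (headers.origin) return headers.origin;
  try { return new URL(headers.referer).origin; } catch { return null; }
}

// Decide whether a request may reach its handler.
// req: { method, path, headers }
function checkRequest(req) {
  if (!UNSAFE_METHODS.has(req.method.toUpperCase())) return { allow: true, status: 200 };

  // 1. Content type: JSON everywhere, multipart only on the listed upload routes.
  const type = mediaType(req.headers["content-type"]);
  const typeOk = type === "application/json" ||
    (type === "multipart/form-data" && MULTIPART_ROUTES.has(req.path));
  if (!typeOk) return { allow: false, status: 415, reason: "content type not accepted here" };

  // 2. Origin: reject any request that names an origin outside the allow-list.
  const origin = sourceOrigin(req.headers);
  if (origin && !TRUSTED_ORIGINS.has(origin)) {
    return { allow: false, status: 403, reason: "untrusted origin" };
  }

  // 3. A browser sends a cross-origin application/json request only after a CORS
  //    preflight; a multipart form post needs none, so the upload route must
  //    see an identifiable, trusted origin.
  if (type === "multipart/form-data" && !origin) {
    return { allow: false, status: 403, reason: "origin missing on multipart request" };
  }
  return { allow: true, status: 200 };
}
```
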