I'm using sails.js as backend, or, more generally, nodejs.
The admin page of my website is accessed by browser, and yet for all the non-admin users, they should access my backend resource through native mobile app(iOS/Android).
I figured that for native app restful http requests, it is not necessary to enable csrf protection, yet for admin page browser access, it is.
So I wonder if it's possible to enable csrf protection for browser access and disable csrf protection for mobile native app access?
You can use different controller/ route to be partially load which endpoint that use CSRF. Look at this answer.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With