Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

sails.js enable csrf for browser access and disable csrf for native app access

I'm using sails.js as backend, or, more generally, nodejs.

The admin page of my website is accessed by browser, and yet for all the non-admin users, they should access my backend resource through native mobile app(iOS/Android).

I figured that for native app restful http requests, it is not necessary to enable csrf protection, yet for admin page browser access, it is.

So I wonder if it's possible to enable csrf protection for browser access and disable csrf protection for mobile native app access?

like image 455
dulan Avatar asked Oct 20 '22 06:10

dulan


1 Answers

You can use different controller/ route to be partially load which endpoint that use CSRF. Look at this answer.

like image 121
Andi N. Dirgantara Avatar answered Oct 22 '22 01:10

Andi N. Dirgantara