Problem:
CSRF middleware ONLY validates tokens in form() data (URL-encoded or multipart)
API endpoints that accept application/json are completely unprotected
Attackers can bypass CSRF by sending JSON payloads
Impact: High - All JSON API endpoints vulnerable to CSRF attacks

PoC
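
One way to close the gap described above, as an added example that is neither the project's middleware nor the report's PoC: a framework-independent check that requires a token on every state-changing request, whatever its Content-Type. The header name `X-CSRF-Token`, the field name `csrf_token` and both function names are assumptions, and multipart parsing is left out to keep the case small.

```python
import hmac
import json
from urllib.parse import parse_qs

SAFE_METHODS = {"GET", "HEAD", "OPTIONS", "TRACE"}
HEADER_NAME = "x-csrf-token"  # assumed header name
FIELD_NAME = "csrf_token"     # assumed form / JSON field name


def submitted_token(headers, body):
    """Return the CSRF token the client sent, or None if there is none."""
    headers = {k.lower(): v for k, v in headers.items()}
    # A custom header works for every body type, JSON included.
    if headers.get(HEADER_NAME):
        return headers[HEADER_NAME]
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype == "application/x-www-form-urlencoded":
        values = parse_qs(body.decode("utf-8", "replace")).get(FIELD_NAME)
        return values[0] if values else None
    if ctype == "application/json":
        try:
            doc = json.loads(body)
        except ValueError:  # malformed JSON or invalid UTF-8
            return None
        token = doc.get(FIELD_NAME) if isinstance(doc, dict) else None
        return token if isinstance(token, str) else None
    # Unrecognised body type: no token found, so the caller rejects it.
    return None


def csrf_ok(method, headers, body, session_token):
    """True if the request may proceed; the decision never skips a body type."""
    if method.upper() in SAFE_METHODS:
        return True
    token = submitted_token(headers, body)
    if not token or not session_token:
        return False  # fail closed on a missing token
    # Constant-time comparison against the token bound to the session.
    return hmac.compare_digest(token.encode(), session_token.encode())
```

The point of the structure is that the content type only decides where to look for the token, never whether one is required.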