Details
-
Improvement
-
Resolution: Obsolete
-
High
-
Known Issues 5.x Stack, 5.0, 5.1
-
None
Description
Create session REST resource is not protected against CSRF attack.
See http://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests