When you enable CSRF protection, there is a ".crumb" header generated for the login form and AJAX requests. The problem is that this token is regenerated through sessions, so basically it's useless.
- Unassigned
- Dimitar Kostov