Warning! This documentation is a work in progress. Expect things to be out of date and not actually work according to instructions.

Cross-site Request Forgery (XSRF) Protection

By default, all Stallion RESTful endpoints protect against Cross-site Request Forgery attacks for every request that carries a logged-in user cookie and is either 1) not a GET request or 2) not a "text/html" response.

When making a request, you must pass a cookie named XSRF-TOKEN and a header named X-XSRF-TOKEN, both with the same value. If you use the stallion.request method for AJAX from the stallion.js library, this is handled for you automatically.

If you want to disable XSRF checks for a particular endpoint, add the annotation @XSRF(false) from the class io.stallion.restfulEndpoints.XSRF.

© 2024 Stallion Software LLC