Cross-site Request Forgery (XSRF) Protection
By default, all Stallion RESTful endpoints protect against cross-site request forgery attacks for every request that carries a logged-in user cookie and is either 1) not a GET request or 2) not a “text/html” response.
When making a request, you must pass in a cookie XSRF-TOKEN and a header X-XSRF-TOKEN, both with the same value. If you use the stallion.request method for AJAX from the stallion.js library, this will be handled for you automatically.
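The cookie-plus-header rule above, sketched from both sides as an added example; this is not Stallion's or stallion.js's own code. All function names and the shape of the `req` object are hypothetical, and the token is assumed to contain only cookie-safe characters.

```javascript
// Added example: models the rule described above. Function names and the
// req object shape are hypothetical, not Stallion APIs.

// Extract one cookie value from a Cookie header / document.cookie string.
function readCookie(cookieString, name) {
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === name) return part.slice(eq + 1).trim();
  }
  return null;
}

// Client side: copy the XSRF-TOKEN cookie into the X-XSRF-TOKEN header.
// A page on another origin cannot read this cookie, so it cannot do the same.
function withXsrfHeader(cookieString, headers = {}) {
  const token = readCookie(cookieString, 'XSRF-TOKEN');
  return token ? { ...headers, 'X-XSRF-TOKEN': token } : { ...headers };
}

// Compare without returning early on the first differing character.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Server side: does this request pass? Header keys are assumed lower-cased.
// req = { method, responseType, hasUserCookie, headers }
function passesXsrfCheck(req) {
  // Checked only for a logged-in user cookie AND (non-GET OR non-HTML response).
  const checked = req.hasUserCookie &&
    (req.method !== 'GET' || req.responseType !== 'text/html');
  if (!checked) return true;
  const cookieToken = readCookie(req.headers['cookie'], 'XSRF-TOKEN');
  const headerToken = req.headers['x-xsrf-token'];
  // A missing or empty token on either side must fail, never match.
  if (!cookieToken || !headerToken) return false;
  return safeEqual(cookieToken, headerToken);
}
```

A request that carries the cookie but no matching header, as a browser would send for a form posted from another site, is rejected; a client that hand-rolls its AJAX calls needs the equivalent of `withXsrfHeader` on every checked request.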
If you want to disable XSRF checks for a particular endpoint, add the annotation @XSRF(false) from the class