This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Announcements
The Google Cloud Community will be in read-only from July 16 - July 22 as we migrate to a new platform; refer to this community post for more details.
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Defence against CSRF for API's

Posted on 09-25-2020 07:37 AM
sartajsisodiya
New Member
Reply posted on --/--/---- --:-- AM

How we can defence against CSRF attack on the apis which are exposed on the apigee ?

domain level restriction can be added in CORS but what about apis ? any suggestion 

<Header name="Access-Control-Allow-Origin">allowed-domain-only</Header>
0 3 570
Topic Labels
0 Likes
Reply
3 REPLIES 3

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

You can verify the origin header in request side.

0 Likes
Reply

Posted on --/--/---- --:-- AM
sartajsisodiya
New Member
In response to
Reply posted on --/--/---- --:-- AM

I am looking some other suggestion for API's, we are already covering that and same highlighted in the question itself

0 Likes
Reply

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

Ok, then try cookies cleared for each request and resubmit the cookies again.

0 Likes
Reply
Top Solution Authors
View all