- Story
- Resolution: Done
- Medium
The team decided to disable Spring Security's default CSRF protection and not to implement CSRF token validation. ACM is a stateless REST API that is not as vulnerable to CSRF attacks as web applications running in web browsers are. ACM does not manage sessions; each request requires the authentication token in the header.
See https://docs.spring.io/spring-security/site/docs/5.3.8.RELEASE/reference/html5/#csrf
So we can suppress this warning in Sonar.
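A Spring Security 5.3-style configuration that makes the conditions behind this decision explicit, as an added example and not ACM's own code. It assumes the header token is a bearer JWT validated through the `spring-security-oauth2-resource-server` module (with a `JwtDecoder` available); the class name `StatelessApiSecurityConfig` is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;

// Hypothetical class name; illustrative configuration only.
@Configuration
@EnableWebSecurity
public class StatelessApiSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Acceptable only while no credential is attached to requests
            // automatically by the browser (cookies, cached Basic auth).
            .csrf().disable() // NOSONAR stateless API, token sent in Authorization header

            // Never create or consult an HttpSession, so no JSESSIONID cookie
            // exists that a cross-site request could ride on.
            .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()

            // Turn off the browser-oriented mechanisms. Form login relies on a
            // session, and Basic credentials are cached and replayed by browsers,
            // either of which would bring the CSRF risk back.
            .formLogin().disable()
            .httpBasic().disable()
            .logout().disable()

            // Every request must carry its own token; nothing is anonymous.
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()

            // Assumption: the token is a JWT in "Authorization: Bearer <token>".
            // A custom header-reading filter would take this place otherwise.
            .oauth2ResourceServer()
                .jwt();
    }
}
```

If the API later starts accepting the token from a cookie or enables sessions, the justification for the suppression no longer holds and CSRF protection should be revisited.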