mirror of
https://github.com/Jermolene/TiddlyWiki5
synced 2026-07-02 10:08:51 +00:00
867488a25b
By default we require the header X-Requested-With to be set to TiddlyWiki. Can be overridden by setting csrfdisable to "yes". See https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
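
A sketch of the custom-header check the commit message describes, added here as an illustration and not taken from the TiddlyWiki5 source. Only the header name, its expected value and `csrfdisable` come from the message; the function names, the `variables` object and the exemption of GET/HEAD/OPTIONS are assumptions of this example.

```javascript
"use strict";

// Assumption of this example: read-only methods are exempt from the check.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);

// Returns true when the request may proceed.
// `req` has the shape of a Node http.IncomingMessage (header names lowercased).
// `variables` is a hypothetical settings object; "csrfdisable" is the name
// given in the commit message.
function passesCsrfCheck(req, variables) {
  if ((variables || {}).csrfdisable === "yes") return true; // explicit opt-out
  if (SAFE_METHODS.has(req.method)) return true;
  // Exact match only: a missing, different or duplicated value fails closed.
  return req.headers["x-requested-with"] === "TiddlyWiki";
}

// Request handler usable with Node's http.createServer(handler(variables)).
function handler(variables) {
  return (req, res) => {
    if (!passesCsrfCheck(req, variables)) {
      res.writeHead(403, { "Content-Type": "text/plain" });
      res.end("'X-Requested-With' header required");
      return;
    }
    res.writeHead(204);
    res.end();
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLES = [
  // Script client that sets the header
  { method: "PUT", headers: { "x-requested-with": "TiddlyWiki" } },
  // Plain HTML form post: a form cannot attach custom headers
  { method: "POST", headers: { "content-type": "application/x-www-form-urlencoded" } },
  // Header present but with a different value
  { method: "DELETE", headers: { "x-requested-with": "XMLHttpRequest" } },
  // Read-only request without the header
  { method: "GET", headers: {} },
];

// Evaluate every sample under the given settings.
function demo(variables) {
  return SAMPLES.map((req) => passesCsrfCheck(req, variables));
}
```

The defence depends on browsers refusing to attach custom headers to cross-origin requests without a CORS preflight, so a server using it should not list `X-Requested-With` in `Access-Control-Allow-Headers` for origins it does not trust.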