to make that clearer:
On 13 Jan., 14:20, phil firstname.lastname@example.org wrote:
Sorry… what? Your answer is somewhat cryptic…
well, you are asking
Is there a way around this with some sort of authentication on the
and fred tells you to go rope-skipping:
You’re not going to want to have crsf tokens and what not for an api.
if you think about it, he probably meant CSRF:
and therefor: “no, there is no way around this”, because
It doesn’t make any sense.
so, you have plenty of other possibilities to improve security:
Use http basic, restrict it to requests from the internal network, use api tokens etc… etc…
The world is your oyster.
btw: no offense. i just liked fred’s typo