Re: Re: Rest API v.2 developer credentials
Aldevinas Katkus
10-17-17
Thanks for the answer. One more question:
is there any CSRF protection implemented in the Rest API?
The CSRF (Cross Site Request Forgery) problem with OAuth is described here https://security.stackexchange.com/a/57886
It looks like the 'state' param is not sent back to the redirect_url. Quote
"The authorization code is issued and sent back to the client in your session along with the state parameter"
I was testing OAuth with this http://oauth2-client.thephpleague.com/usage/
Reply
Leave Comment
You can subscribe to notifications for this post by selecting the 'star' icon on the top right corner of the post.
Latest Posts
Use External Mail Software
Piotr Wycichowski
Hi, I checked option "Use External Mail Software" in setting "Mail and Conferences Settings" in module "Mail and Conferences". When I create an invoice email I have a ...
17:38 8 Aug 2025
Webclient in version 8.5 250507/85558691 - how to set it up?
Piotr Wycichowski
Hi, Is somebody experienced in necessary settings for successful connection to server using webclient. When I tried, I got warning in brower, that Web client settings for HTTPS is not setup. So I ...
12:59 21 July 2025