|
|
|
|
Cross-site request forgery requires a browser container. Generally APIs are not meant to be supported directly in a browser container so the session is not kept as a browser cookie and CSRF is not a viable threat.
Copyright © 2016 Oracle and/or its affiliates. All rights reserved.