This upload endpoint performs a state-changing action using cookie auth but does not apply CSRF protection (most other /api/projects/* mutating routes call withCsrfProtection). Please add CSRF protection here to prevent cross-site uploads.
Originally posted by @Copilot in #54 (comment)
This upload endpoint performs a state-changing action using cookie auth but does not apply CSRF protection (most other
/api/projects/*mutating routes callwithCsrfProtection). Please add CSRF protection here to prevent cross-site uploads.Originally posted by @Copilot in #54 (comment)