Add CSRF token validation to API endpoints

## Description
While Rails provides CSRF protection by default for web requests, we should explicitly verify and document CSRF token handling for API endpoints.

## Current Implementation
- Rails default CSRF protection enabled for web requests
- API endpoints may bypass CSRF for token-based auth
- Not explicitly visible in ApplicationController

## Proposed Changes
1. Add explicit `protect_from_forgery with: :exception` to ApplicationController
2. Document CSRF token handling for API endpoints
3. Add tests to verify CSRF protection is active

## Acceptance Criteria
- [ ] CSRF protection explicitly declared in ApplicationController
- [ ] API authentication strategy documented
- [ ] Tests verify CSRF tokens are validated
- [ ] No breaking changes to existing API integrations

## References
- Rails Security Guide on CSRF
- NIST SP 800-53 SC-23

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CSRF token validation to API endpoints #686

Description

Current Implementation

Proposed Changes

Acceptance Criteria

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Add CSRF token validation to API endpoints #686

Description

Description

Current Implementation

Proposed Changes

Acceptance Criteria

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions