Hi,

We are creating our frontend using angular.js and the API layer is in web2py. The web2py documentation says -

> web2py prevents CSRF as well as accidental double submission of forms by assigning a one-time random token to each form.

So how will that work in the instance of a pure JS frontend? Will I need to implement something on the client side to enable it?

The initial request will go to the web2py app, which will send back the index.html, which will contain the js script as an include. This will load the js interface during the initial request. After this all calls will be ajax calls to the server, to return back JSON.

Also I will be using the web2py authentication/authorization for securing the API. So would I be breaking any web2py compatibility in this regard or with any other security concerns?

Thanks,
Murtaza
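The one-time token scheme in the documentation sentence quoted above, sketched as an added example (not part of the original post and not web2py's own code). The class, function and `X-Form-Token` header names are hypothetical, the in-memory store stands in for real session storage, and it assumes the JavaScript client echoes the token in a request header on each state-changing call.

```python
import hmac
import secrets

class OneTimeTokens:
    """Per-session store of single-use anti-CSRF tokens (hypothetical helper)."""

    def __init__(self, max_outstanding=10):
        self._by_session = {}          # session id -> list of unused tokens
        self._max = max_outstanding    # cap so abandoned forms don't pile up

    def issue(self, session_id):
        """Create a fresh random token and remember it for this session."""
        token = secrets.token_urlsafe(32)
        pending = self._by_session.setdefault(session_id, [])
        pending.append(token)
        del pending[:-self._max]       # keep only the newest tokens
        return token

    def consume(self, session_id, presented):
        """Return True once per issued token; any repeat or unknown value fails."""
        if not presented:
            return False
        pending = self._by_session.get(session_id, [])
        for i, known in enumerate(pending):
            # constant-time comparison of the presented value
            if hmac.compare_digest(known.encode(), presented.encode()):
                del pending[i]         # single use: a replay can no longer match
                return True
        return False

def handle_post(tokens, session_id, headers, body):
    """Model of a state-changing JSON endpoint: token must come in a header."""
    if not tokens.consume(session_id, headers.get("X-Form-Token")):
        return 403, {"error": "missing, unknown or already used token"}
    # hand the client a fresh token for its next call
    return 200, {"saved": body, "next_token": tokens.issue(session_id)}

def demo():
    tokens = OneTimeTokens()
    t = tokens.issue("sess-A")                        # constructed session id
    first = handle_post(tokens, "sess-A", {"X-Form-Token": t}, {"n": 1})
    replay = handle_post(tokens, "sess-A", {"X-Form-Token": t}, {"n": 1})
    forged = handle_post(tokens, "sess-A", {}, {"n": 2})   # arrives with no token
    nxt = first[1]["next_token"]
    other = handle_post(tokens, "sess-B", {"X-Form-Token": nxt}, {})
    return first[0], replay[0], forged[0], other[0]

if __name__ == "__main__":
    print(demo())
```

The replayed call fails because the token was consumed by the first one, which is the double-submission protection; the call without the header fails because a page on another origin has no way to read the token it would need to send.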