Use of CSRF mitigation techniques in Appwrite SDK-s

I'm curious if Appwrite implements some kind of defense mehanism against Cross-Site Request Forgery attacks? This question is tied to the method or libraries Appwrite uses in client-side SDK-s to communicate with the Appwrite backend server. For Web SDK for instance, if the communication channel is implemented using the builtin fetch() coroutine, then CSRF protection must be configured manually. If a library like Axios is used, then CSRF protection is automatic, because Axios has it builtin. Therefore my question is, does Appwrite use the builtin fetch() coroutine and if it does, then has CSRF protection been implemented by the Appwrite team?

TL;DR

The user is asking if Appwrite implements CSRF protection in its SDKs. The response from Appwrite states that custom headers are required in the request, making it unlikely to be susceptible to CSRF attacks. The user is encouraged to create a proof of concept (POC) if they find any security vulnerabilities and share them with Appwrite. Solution: Appwrite requires custom headers in the request, offering built-in protection against CSRF attacks.

Appwrite shouldn't be susceptible to CSRF attacks because custom headers are required in the request. Feel free to create a POC if you find any security vulnerabilities and share them with security@appwrite.io

Oh we also validate the origin/referrer server-side to protect against CSRF

Reply to this thread by joining our Discord

Reply on Discord

Need support?

Join our Discord

Get community support by joining our Discord server.

Join Discord

Get premium support

Join Appwrite Pro and get email support from our team.

Learn more

Recommended threads

Need support?

Join our Discord

Get premium support