Description
Attachment file deletion endpoints lack CSRF token protection, leaving authenticated user attachments vulnerable to cross-site request forgery attacks via malicious third-party links.
Proposed Refactoring
- Integrate CSRF middleware protection on all state-modifying API endpoints.
- Verify double-submit cookies or custom header token validation.
Description
Attachment file deletion endpoints lack CSRF token protection, leaving authenticated user attachments vulnerable to cross-site request forgery attacks via malicious third-party links.
Proposed Refactoring