11 lines
No EOL
363 B
YAML
name: XSRF-TOKEN
in: cookie
required: true
schema:
  type: string
  pattern: "^[a-zA-Z0-9_-]{32,64}$"
  example: "abc123def456ghi789jkl012mno345pqr"
description: |
  Anti-CSRF token (Double Submit Cookie pattern).
  Stored in non-HttpOnly cookie, readable by JavaScript.
  Must be echoed in `X-XSRF-TOKEN` header for state-changing requests (POST/PUT/PATCH/DELETE).
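
A server-side check matching the parameter definition above, written as an added example (not part of the original file or its project). The function name `check_double_submit` and the dict-based request shape are assumptions; the cookie name, header name, pattern and method list come from the definition.

```python
import hmac
import re

# Pattern copied from the parameter schema above.
TOKEN_RE = re.compile(r"^[a-zA-Z0-9_-]{32,64}$")
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def check_double_submit(method, cookies, headers):
    """Return (ok, reason) for one request (hypothetical helper).

    cookies: dict of cookie name -> value
    headers: dict of header name -> value (names compared case-insensitively)
    """
    if method.upper() not in STATE_CHANGING:
        return True, "safe method, no token check"

    cookie_token = cookies.get("XSRF-TOKEN")
    if cookie_token is None:
        return False, "missing XSRF-TOKEN cookie"
    # fullmatch, because Python's '$' with match() also accepts a trailing "\n"
    if not TOKEN_RE.fullmatch(cookie_token):
        return False, "cookie does not match schema pattern"

    lowered = {name.lower(): value for name, value in headers.items()}
    header_token = lowered.get("x-xsrf-token")
    if header_token is None:
        return False, "missing X-XSRF-TOKEN header"

    # Constant-time comparison; bytes so non-ASCII input cannot raise TypeError.
    if not hmac.compare_digest(cookie_token.encode(), header_token.encode()):
        return False, "header does not match cookie"
    return True, "ok"


if __name__ == "__main__":
    token = "abc123def456ghi789jkl012mno345pqr"  # example value from the schema
    # Constructed sample requests: (method, cookies, headers)
    samples = [
        ("POST", {"XSRF-TOKEN": token}, {"X-XSRF-TOKEN": token}),
        ("POST", {"XSRF-TOKEN": token}, {}),
        ("DELETE", {"XSRF-TOKEN": token}, {"X-XSRF-TOKEN": "A" * 33}),
        ("GET", {}, {}),
    ]
    for method, cookies, headers in samples:
        print(method, check_double_submit(method, cookies, headers))
```

The comparison only shows that the sender could read the cookie; it does not tie the token to a session, so the token still has to be generated with a cryptographically secure random source on the server.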