Best practice (OWASP) is to enforce CSRF protection on the /logout endpoint.
This has some UX implications: once enabled, a request to the endpoint that lacks a valid token fails. A common way to handle this is to
redirect to a confirmation screen (to which the CSRF token is attached) and submit the logout from there.
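The confirmation-screen pattern above, as an added framework-agnostic Python illustration (not code from the original page): GET /logout renders a form carrying a session-bound token, and only a POST that returns that token ends the session. The in-memory session store and the handler names are assumptions.

```python
"""Logout CSRF protection with a confirmation screen (added example)."""
import hmac
import secrets
from html import escape

# Constructed in-memory session store: session id -> session data (assumption).
SESSIONS = {}

def login(user):
    """Create a session for `user` and return its id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid

def _csrf_token(session):
    """Return the session-bound CSRF token, minting one on first use."""
    return session.setdefault("csrf", secrets.token_urlsafe(32))

def logout_get(sid):
    """GET /logout: never terminate the session here, since a cross-site
    <img src="/logout"> or plain link can trigger a GET. Render a
    confirmation form that carries the CSRF token instead."""
    session = SESSIONS.get(sid)
    if session is None:
        return 302, "/login", ""
    token = _csrf_token(session)
    body = ('<form method="post" action="/logout">'
            f'<input type="hidden" name="csrf" value="{escape(token)}">'
            '<button>Confirm logout</button></form>')
    return 200, None, body

def logout_post(sid, form):
    """POST /logout: terminate the session only if the submitted token
    matches the one bound to this session (constant-time comparison)."""
    session = SESSIONS.get(sid)
    if session is None:
        return 302, "/login", ""
    expected = session.get("csrf")
    submitted = form.get("csrf", "")
    # No token minted yet, or token missing/mismatched: refuse and keep the
    # session. A forged cross-site POST cannot read the token, so it ends up
    # here; the user is sent to the confirmation screen to retry.
    if not expected or not submitted or not hmac.compare_digest(
            submitted.encode(), expected.encode()):
        return 403, "/logout", "CSRF check failed"
    del SESSIONS[sid]
    return 302, "/login", ""
```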