web site trusts or has authenticated with (e.g., via HTTP redirects or HTML forms). Any site that uses cookie-based authentication is vulnerable to these types of attacks.
The {{book.project.name}} Admin Console is a pure JavaScript/HTML5 application that makes REST calls to the backend {{book.project.name}} admin REST API.
The admin REST API can also be configured to validate the CORS origins.
The only part of {{book.project.name}} that is really exposed to CSRF is the user account management pages.
To mitigate this, {{book.project.name}} sets a state cookie and also embeds the value of this state cookie within hidden form fields or query parameters in action links.
This query or form parameter is checked against the state cookie to verify that the call was made by the user.
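The check described above, written out as an added example (not {{book.project.name}}'s own code); the cookie name `KC_STATE`, the parameter name `stateChecker` and the `Request` stand-in are assumptions made for this illustration:

```python
import hmac
import html
import secrets
from dataclasses import dataclass, field

STATE_COOKIE = "KC_STATE"      # assumed cookie name for this example
STATE_PARAM = "stateChecker"   # assumed hidden-field / query-parameter name


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (constructed for the example)."""
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)  # merged form fields and query string


def issue_state() -> str:
    """Fresh, unguessable state value. The server sets it as a cookie and also
    embeds the same value in hidden form fields and action-link query parameters."""
    return secrets.token_urlsafe(32)


def render_hidden_field(state: str) -> str:
    """Hidden form field carrying the state value back on submit."""
    return f'<input type="hidden" name="{STATE_PARAM}" value="{html.escape(state)}">'


def state_matches(request: Request) -> bool:
    """Double-submit check: the parameter must be present and equal the cookie.
    A forged cross-site request still carries the cookie (the browser attaches it),
    but the attacker's page cannot read the cookie to copy its value into the form
    or link, so the parameter is missing or wrong and the request is rejected."""
    cookie = request.cookies.get(STATE_COOKIE)
    param = request.params.get(STATE_PARAM)
    if not cookie or not param:
        return False
    # constant-time comparison on bytes so a non-ASCII parameter cannot raise
    return hmac.compare_digest(cookie.encode("utf-8"), param.encode("utf-8"))


if __name__ == "__main__":
    state = issue_state()
    print(render_hidden_field(state))
    legit = Request(cookies={STATE_COOKIE: state}, params={STATE_PARAM: state})
    forged = Request(cookies={STATE_COOKIE: state}, params={})  # cookie only
    print("legitimate:", state_matches(legit), "forged:", state_matches(forged))
```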