Any request that includes a valid session token is able to perform a query on behalf of the user to whom the session token belongs. Therefore, being susceptible to CSRF attacks is a real possibility.
A malicious website could extract such data from session storage and then replicate that user, or redirect to the site and perform actions on behalf of that user.
Has anyone implemented C-Surf or something similar to ensure that the request is coming from a valid origin? How could we implement some sort of protection in Parse Server?
See here for Node examples of this: https://www.twilio.com/blog/2018/01/protect-your-node-js-app-from-cross-site-request-forgery.html
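
One way to do the origin validation asked about above, as an added example that is not part of the original post and not Parse Server's own code: an Express-style middleware that compares the `Origin` header (falling back to `Referer`) against an allowlist for state-changing methods. The allowlist value, the function names and the choice to exempt GET/HEAD/OPTIONS are assumptions.

```javascript
// Assumption: safe methods never change state in this deployment.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Normalise Origin (or Referer as a fallback) to scheme://host[:port].
// Returns null when neither header is present and '' when the value is
// unparseable or opaque (e.g. the literal "null" origin of a sandboxed frame).
function sourceOrigin(headers) {
  const raw = headers.origin || headers.referer;
  if (!raw) return null;
  try {
    const origin = new URL(raw).origin;
    return origin === 'null' ? '' : origin;
  } catch (err) {
    return '';
  }
}

// Decide whether a request may proceed. Exact string match on the
// normalised origin, so "app.example.com.evil.test" cannot pass as
// "app.example.com" the way a prefix or substring test would allow.
function originVerdict(method, headers, allowed, allowMissing = false) {
  if (SAFE_METHODS.has(method.toUpperCase())) return 'allow';
  const origin = sourceOrigin(headers);
  if (origin === null) return allowMissing ? 'allow' : 'deny-missing';
  return allowed.has(origin) ? 'allow' : 'deny-origin';
}

// Express-style middleware factory (hypothetical name).
function requireTrustedOrigin(allowed, allowMissing = false) {
  return (req, res, next) => {
    const verdict = originVerdict(req.method, req.headers, allowed, allowMissing);
    if (verdict === 'allow') return next();
    res.statusCode = 403;
    res.end(JSON.stringify({ error: 'origin check failed', reason: verdict }));
  };
}

// Constructed allowlist for illustration.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);
```

The middleware would be mounted ahead of the route that serves the API. Non-browser clients that send neither `Origin` nor `Referer` are rejected unless `allowMissing` is set.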