aidewoode opened this issue a year ago · 0 comments
Right now Black Candy can use API when user logged in with session, it has potential security risk in CSRF. So need to remove session based authentication in API