vifon/ledger-web

Possible CSRF vulnerabilities

Closed · 1 comment

To whom it may concern.

Our security team is working on the automated detection of session vulnerabilities in open-source web applications, including CSRF. Our analyzer identified that the submit_as_json and submit_as_json_v1 functions of ledger_submit/views.py have been declared as CSRF exempt. After manual analysis, we believe that this practice might leave your application vulnerable to security-relevant CSRF attempts.

Can you take a look into the relevant code parts and comment on the issue?

These endpoints are intended to be used externally, the CSRF exempts are fully intended.
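Added illustration, not part of the issue thread and not ledger-web's own code: a plain-Python model of the condition under which a CSRF-exempt endpoint is harmless. Cross-site request forgery only works with credentials the browser attaches on its own (the session cookie), so an exempt endpoint that ignores cookies and requires a bearer token the attacker's page cannot supply is not forgeable; the same exemption on an endpoint that authenticates from the cookie is. The `Request` shape, the token format and the sample credentials and payloads are assumptions constructed for this example.

```python
# Added illustration (not ledger-web's code): why a CSRF-exempt JSON
# endpoint is safe only when it authenticates by a credential the browser
# does NOT attach automatically. Names, token format and the Request
# shape are assumptions for this example.
import hmac
import json
from dataclasses import dataclass

# Constructed sample credentials for the example.
API_TOKENS = {"tok-0123456789abcdef": "alice"}   # API token -> user
SESSIONS = {"sess-aaaa": "alice"}                 # session cookie -> user


@dataclass
class Request:
    method: str
    headers: dict
    cookies: dict
    body: bytes


def bearer_user(headers):
    """Resolve the user from an 'Authorization: Bearer <token>' header.

    Returns None if the header is absent, malformed or unknown. The
    constant-time comparison avoids leaking token prefixes via timing.
    """
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme.lower() != "bearer" or not token:
        return None
    for known, user in API_TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            return user
    return None


def submit_token_auth(request):
    """CSRF-exempt style endpoint that is still safe: it ignores cookies.

    A forged request from an attacker's page carries the victim's session
    cookie but cannot carry the victim's API token, so it is rejected.
    Returns (status, payload).
    """
    if request.method != "POST":
        return 405, {"error": "method not allowed"}
    user = bearer_user(request.headers)
    if user is None:
        return 401, {"error": "bearer token required"}
    # Hygiene, not the CSRF defence: reject non-JSON bodies early.
    if not request.headers.get("Content-Type", "").startswith("application/json"):
        return 415, {"error": "expected application/json"}
    try:
        data = json.loads(request.body)
    except ValueError:
        return 400, {"error": "invalid JSON"}
    return 200, {"user": user, "accepted": data}


def submit_session_auth(request):
    """The unsafe variant: CSRF-exempt AND authenticated from the cookie.

    Browsers attach the session cookie to cross-site POSTs, so an
    attacker's page can make the victim submit arbitrary data here.
    """
    if request.method != "POST":
        return 405, {"error": "method not allowed"}
    user = SESSIONS.get(request.cookies.get("sessionid"))
    if user is None:
        return 401, {"error": "login required"}
    try:
        data = json.loads(request.body)
    except ValueError:
        return 400, {"error": "invalid JSON"}
    return 200, {"user": user, "accepted": data}


# Constructed request as an attacker's page could forge it: the browser
# adds the cookie; a cross-site HTML form can send enctype="text/plain"
# without a CORS preflight but cannot add an Authorization header.
FORGED = Request(
    method="POST",
    headers={"Content-Type": "text/plain"},
    cookies={"sessionid": "sess-aaaa"},
    body=b'{"amount": "1000", "account": "Attacker"}',
)

# Constructed request from a legitimate external API client (no cookie).
LEGIT = Request(
    method="POST",
    headers={"Authorization": "Bearer tok-0123456789abcdef",
             "Content-Type": "application/json"},
    cookies={},
    body=b'{"amount": "12.50", "account": "Groceries"}',
)

if __name__ == "__main__":
    print("forged vs token endpoint:  ", submit_token_auth(FORGED)[0])    # 401
    print("forged vs session endpoint:", submit_session_auth(FORGED)[0])  # 200
    print("legit vs token endpoint:   ", submit_token_auth(LEGIT)[0])     # 200
```

The check a reviewer would make on a real `csrf_exempt` view, ledger-web's or any other Django project's, is therefore not whether the endpoint is "external" but whether it reads any authentication state from cookies: if every request must carry an explicit token in a header or in the body that only the legitimate client knows, the exemption is safe; if the token itself is delivered in a cookie, or the view falls back to `request.user` from the session, the cross-site case is back.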