How to secure Rails API for SPA with CSRF protection? Is it needed for JWT ? Or just for session cookies? In this article we will look at the problems and solutions :)

https://blog.eq8.eu/article/rails-api-authentication-with-spa-csrf-tokens.html