API with SSO access requires some CSRF protection
|Found in release:||Pull request:|
|Velocity based estimate||-|
When using SSO impls, we should employ some CSRF protection so a user with say, an active Kerberos ticket, can't be attacked to perform API requests using their active SSO.
See https://github.com/theforeman/foreman/pull/1331#issuecomment-39075332 for some background.