API with SSO access requires some CSRF protection
|Triaged:||Fixed in Releases:|
|Bugzilla link:||Found in Releases:|
When using SSO impls, we should employ some CSRF protection so a user with say, an active Kerberos ticket, can't be attacked to perform API requests using their active SSO.
See https://github.com/theforeman/foreman/pull/1331#issuecomment-39075332 for some background.