Description
Determine the approach for CSRF prevention and how to align it with the protection that needs to be provided at the service endpoints themselves. The services need to provide this protection themselves for when Knox is not deployed.
Does Knox just pass through the custom header that is sent by the client?
Does Knox have its own relationship and established header value with the services?
How do we communicate the required header names and values to Knox clients of various types, including Knox ClientDSL?