We prevent against CSRF by using custom headers (as long as the user has correctly restricted the CORS’ Allowed origins). If however, that restriction is not possible, then we do provide an anti CSRF token which is added to the request header for each request
SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).
