Magic: CSRF in generating developer api_key

Hi At https://dashboard.forttmatic.com when developer tries to generate new apikey for his application, a POST request is sent to https://api.forttmatic.com which doesn't have any tokens to guard against CSRF attacks. CSRF POC : history.pushState'', '', '/' On submitting the above request, a new...