REST: Use a CSRF Token and a Cookie to authorize Requests