Basically doing this is the same as as refreshing the page when traditionally running into 419 errors, but without having to refresh the page. Since the CSRF lives in the user's session, it sticks ok.
Since it's only through the axios side, it doesn't pose any security risks (that I'm aware of). Someone doing a cross-site attack would not be using axios, but direct requests to the app
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Basically doing this is the same as as refreshing the page when traditionally running into 419 errors, but without having to refresh the page. Since the CSRF lives in the user's session, it sticks ok.
Since it's only through the axios side, it doesn't pose any security risks (that I'm aware of). Someone doing a cross-site attack would not be using axios, but direct requests to the app