CSRF vulnerability on Server Connect

I believe the current implementation of Server Connect is vulnerable to CSRF

Example of affected usage, logout button:

Because there's no CSRF token validation on GET requests, a user could be logged out by just visiting another website with something like:

<img src="https://example.com/api/logout">

The way to make this safe is to make it a POST form with a CSRF token, or a GET request with a CSRF token. Maybe add a checkbox on Wappler UI to add a CSRF token somehow? Ideally served server-side


Edit: Server Connect Forms (POST) also lack a CSRF token. In order to not break existing applications that may use the API outside of a website context, the CSRF token should be optional but encouraged for new projects

implemented in Wappler 6.6.0