Dapr July 2020 security audit report

Dapr instance, which is listening on all interfaces, does not employ any API authentication or CSRF tokens in the default configuration. This allows attackers to launch a CSRF attack from a web browser into ... is recommended that the Dapr sidecar API should use randomly generated authentication tokens by default. Additionally, the Dapr sidecar should only be exposed to the loopback interface by default

19 pages | 267.84 KB | 1 year ago













