I am building a search function on my site and users can search for others users. Im making an axios.get request against
/api/search?q= with their query.
The problem i'm having is that users can simply visit
/api/search?q= and it will return information about a lot of users i don't want them to have access to.
Could i somehow handle the access via CSRF token or something else to fix this issue?