CSRF in https://www.rockstargames.com/reddeadonline/feedback/submit.json
Low
Rockstar Games
Team Summary
Official summary from Rockstar Games
In this report, the researcher discovered an endpoint that lacked CSRF protection and demonstrated a way to exploit it via a remote webserver. Typically CSRF-related reports are not eligible for bounty, but the impact of this exploit was high enough to warrant a reward. This was only exploitable in Chrome browsers, and a recent Chrome update actually made this behavior impossible to exploit. Since this can no longer be exploited in modern browsers, it is effectively resolved.
Reported by: netfuzzer
Report Details
Additional information and metadata
State: Closed
Substate: Resolved
Weakness: Cross-Site Request Forgery (CSRF)