Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

docs($http): reword of XSRF attack overview #13901

Closed
wants to merge 1 commit into from
Closed

docs($http): reword of XSRF attack overview #13901

wants to merge 1 commit into from

Conversation

vucalur
Copy link
Contributor

@vucalur vucalur commented Jan 30, 2016

Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.

@vucalur
docs($http): reword of XSRF attack overview
51f272a 
Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.
@gkalpak gkalpak closed this in 23395ce Jan 31, 2016
gkalpak pushed a commit that referenced this pull request Jan 31, 2016
@vucalur @gkalpak
docs($http): reword the XSRF attack overview
8dc4c75 
Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.

Closes #13901
@gkalpak
Copy link
Member

gkalpak commented Jan 31, 2016

I reworded it a bit and merged. Thx !
Backported to v1.4.x as 8dc4c75.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
cla: yes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@vucalur @gkalpak @googlebot