Back-porting change from 2.3 (should have been patched into 2.2 originally)

J7mbo · weaverryan · commit e9d2df62870b · 2013-06-30T16:38:49.000-05:00
Updated XSSI Json Hijacking Caution Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'. POST requests remain unaffected. (cherry picked from commit b845591)
diff --git a/components/http_foundation/introduction.rst b/components/http_foundation/introduction.rst
@@ -506,7 +506,10 @@ to ``application/json``.
     as the outer-most array to ``JsonResponse`` and not an indexed array so
     that the final result is an object (e.g. ``{"object": "not inside an array"}``)
     instead of an array (e.g. ``[{"object": "inside an array"}]``). Read
-    the `OWASP guidelines`_ for more information.
+    the `OWASP guidelines`_ for more information. 
+    
+    Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'. 
+    Methods responding to POST requests only remain unaffected.
 
 JSONP Callback
 ~~~~~~~~~~~~~~
