Skip to content

Updated XSSI Json Hijacking explanation #2710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 228 commits into from
Closed

Updated XSSI Json Hijacking explanation #2710

wants to merge 228 commits into from

Conversation

J7mbo
Copy link
Contributor

@J7mbo J7mbo commented Jun 7, 2013

Only methods that respond to GET requests are vulnerable to 'XSSI JSON Hijacking'.

humandb and others added 30 commits October 18, 2012 21:23
@humandb
Update reference/configuration/framework.rst
c01bc53 
This PR is related to this one symfony/symfony#5347.
@humandb
Update reference/dic_tags.rst
460406e 
Adding tags to the tag list reference
@humandb
Update reference/configuration/framework.rst
f723940 
Changing backticks
@humandb
Update reference/configuration/framework.rst
70ca20c 
The GetSetMethodNormalizer is not loaded by default
@lmcd
Add note about console autocompletion
6533268
@webmozart
Adapted the docs to the rename of the "virtual" form option to "inher…
dbfcaff 
…it_data"
@humandb
Update reference/configuration/framework.rst
700f529
@humandb
Update reference/configuration/framework.rst
63fae5b
@weaverryan
[symfony#2283] Updating URL from 2.1 to master on master branch
f3c431f
@fabpot
added a note about the new setCurrent method on the progress helper
eae1566
@fabpot
removed deprecated trust_proxy_headers docs
441e766
@fabpot
removed docs on PHP parsing in YAML files
74f9a1f
@fabpot
updated deprecated usage of flash bags
f886afc
@fabpot
removed deprecated min/max/minlength/maxlength constraints
6e7c0cd
@fabpot
updated the way form errors are customized
ac9fbcd
@marcosQuesada
Added documentation to cover PR symfony#6951 on serializer component.
2521b05
@hacfi
Document new framework option http_method_override
d879786
@weaverryan
Merge pull request symfony#2342 from fabpot/progress-helper
7b06db8 
added a note about the new setCurrent method on the progress helper
@fabpot
added documentation for the dispatchable console application
784b611
@fabpot
updated documentation for synchronized services
f9bbfcd
@weaverryan
Merge pull request symfony#2343 from fabpot/synchronized-services
2821a55 
updated documentation for synchronized services
@weaverryan
[symfony#2343] Minor tweaks to synchronized services section
35fff77
@fabpot
removed deprecated cookie config options
bf4ce18
@fabpot
removed deprecated auto_start setting
a786941
@fabpot
removed deprecated charset setting
934531c
@weaverryan
Merge branch 'patch-1' of github.com:loalf/symfony-docs into loalf-pa…
18f4575 
…tch-1

Also contains tweaks to symfony#1829

Conflicts:
	reference/configuration/framework.rst
@weaverryan
[symfony#1829] Moving serializer framework docs around - added a new …
a9c8ed6 
…cookbook and linked to that from everywhere else
@weaverryan
Merge branch '2.2'
bbdc8ce
@weaverryan
Merge branch '2.2'
232525f
@weaverryan
Merge branch 'deprecated' of github.com:fabpot/symfony-docs into fabp…
381e578 
…ot-deprecated

Conflicts:
	reference/configuration/framework.rst
	reference/constraints/Max.rst
	reference/constraints/Min.rst
weaverryan and others added 26 commits May 5, 2013 21:54
@weaverryan
[symfony#2602] Adding 2.3 note about new Crawler::html method
9dc1b5f
@Ocramius
Adding lazy services documentation as of symfony/symfony#7890
50905ff
@pierredup
[Components][Console] Fixed typos for table helper
c3c3e98
@weaverryan
Merge branch '2.2'
f546b9e
@Ocramius
Applying changes suggested by @wouterj, adding lazy_services to compo…
931091d 
…nents map
@weaverryan
Merge pull request symfony#2624 from pierredup/master
abe537f 
[Components][Console] Fixed typos for table helper
@webmozart
Made the Icu component compatible with ICU 3.8
438c824
@weaverryan
Merge pull request symfony#2640 from bschussek/icu-3.8
a981ae7 
Made the Icu component compatible with ICU 3.8
@weaverryan
Merge pull request symfony#2619 from Ocramius/feature/proxy-manager-b…
a2bc822 
…ridge

Adding lazy services documentation as of symfony/symfony#7890
@weaverryan
[symfony#2619] Tweaks for new proxy/lazy services entry
d7ea3a5
@weaverryan
Merge branch '2.2'
2b7dcf9 
Conflicts:
	components/yaml/introduction.rst
@mpdude @weaverryan
Formatting fix and additional example
ca6d87a
@mpdude @weaverryan
removed double "the"
1c2ff32
@mpdude @weaverryan
Capitalization
f20b2e3
@weaverryan
Merge branch '2.2' into 2.3
59d6e6e 
Conflicts:
	components/yaml/introduction.rst
@weaverryan
Merge branch '2.3'
4c06860 
Conflicts:
	components/yaml/introduction.rst
@gregquat
[Book/Form] minor fix, superfluous word
86d7d76
@bamarni
removed unneeded block
754adc9
@jaugustin @weaverryan
add documentation for the use of __call with propertyAccess
b140d5c
@falinsky @weaverryan
Fixed actual symfony number
b1e5180
@weaverryan
Merge pull request symfony#2648 from gregquat/patch-13
50147d9 
[Book/Form] minor fix, superfluous word
@weaverryan
Merge pull request symfony#2659 from bamarni/patch-8
ddb2b9d 
removed unneeded block
@weaverryan
[symfony#2312] Fixing typo thanks to @staabm
23a016c
@weaverryan
Merge branch '2.2' into 2.3
bf67517 
Conflicts:
	reference/forms/types/options/property_path.rst.inc
@weaverryan
Merge branch '2.3'
030a6f8
@J7mbo
Updated XSSI Json Hijacking Caution
068cfd8 
Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'. POST requests remain unaffected.
@weaverryan
Copy link
Member

Hey James!

Very nice addition. I've patched your commit into the 2.2 branch at sha: b845591

Thanks!

@weaverryan weaverryan closed this Jun 30, 2013
weaverryan added a commit that referenced this pull request Jun 30, 2013
@weaverryan
Back-porting change from 2.3 (should have been patched into 2.2 origi…
4447f1d 
…nally)

[#2710] Fixing whitespace
(cherry picked from commit f8ace43)
weaverryan added a commit that referenced this pull request Jun 30, 2013
@weaverryan
[#2710] Fixing whitespace
f8ace43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.