Skip to content

Commit

Permalink
Added CSRF protection as valid reason to use cookies. (#33)
Browse files Browse the repository at this point in the history 
https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Double_Submit_Cookie
  • Loading branch information
@youngbrioche
Oliver Tigges authored and youngbrioche committed Jul 1, 2016
1 parent 2264a63 commit 8e6a768
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion index.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ <h2 id="server-side">Server-side</h2>
access. <a class="anchor" href="#auth">auth</a>
</li>
<li id="cookies">Cookies may not be used for purposes other than
authentication or user tracking. <a class="anchor" href="#cookies">cookies</a>
authentication, user tracking or security purposes like CSRF protection. <a class="anchor" href="#cookies">cookies</a>
</li>
<li id="session">There may not be any session state beyond
what&#8217;s needed for simple algorithmic validation of
Expand Down

0 comments on commit 8e6a768

Please sign in to comment.