Fixes various typos #13
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mihovil Ilakovac <[email protected]>
infomiho
commented
Mar 9, 2024
| @@ -10,7 +10,7 @@ title: "Cross-site request forgery (CSRF)" | |||
| - [Cross-site vs cross-origin](#cross-site-vs-cross-origin) | |||
| - [Prevention](#prevention) | |||
| - [Anti-CSRF tokens](#anti-csrf-tokens) | |||
| - [Signed double submit cookies](#signed-double-submit-cookies) | |||
| - [Signed double-submit cookies](#signed-double-submit-cookies) | |||
There was a problem hiding this comment.
Grammarly says double-submit is better than double submit so I did the change. (And this goes for all hyphen related changes)
infomiho
commented
Mar 9, 2024
|
|
||
| If you set the value to `Lax`, it is crucial that your application does not use GET requests for modifying resources. Additionally, as this flag is relatively new and only protects against cross-site request forgery (instead of cross-origin request forgery), this should not be the only layer of defense. |
There was a problem hiding this comment.
New line at the end of the file
infomiho
commented
Mar 9, 2024
| Any endpoint that can send emails should have strict rate limiting implemented. |
There was a problem hiding this comment.
New line at the end of the file
infomiho
commented
Mar 9, 2024
| These codes should be provided when the user first sets up MFA and the user should be able to download them anytime if they have access to one of their second factors. |
There was a problem hiding this comment.
New line at the end of the file
infomiho
commented
Mar 9, 2024
| This may seem harmless at first, but it makes it significantly easier to scam users. The user could be redirected to an identical site made by an attacker and be prompted to enter their password again. |
There was a problem hiding this comment.
New line at the end of the file
infomiho
commented
Mar 9, 2024
| - [Open redirect](/open-redirect). |
There was a problem hiding this comment.
New line at the end of the file
infomiho
commented
Mar 9, 2024
| This can be avoided by only accepting session IDs via cookies and request headers, and always creating a new session when the user signs in. |
There was a problem hiding this comment.
New line at the end of the file
pilcrowOnPaper
approved these changes
Mar 10, 2024
|
Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
I've did my standard thing of running the Grammarly VS Code extensions on all of the markdown files. Here's the result after running it and going through all of the suggested changes. Let me know if some of the changes are too aggressive.