Fixes various typos #13
Conversation
Signed-off-by: Mihovil Ilakovac <[email protected]>
@@ -10,7 +10,7 @@ title: "Cross-site request forgery (CSRF)" | |||
- [Cross-site vs cross-origin](#cross-site-vs-cross-origin) | |||
- [Prevention](#prevention) | |||
- [Anti-CSRF tokens](#anti-csrf-tokens) | |||
- [Signed double submit cookies](#signed-double-submit-cookies) | |||
- [Signed double-submit cookies](#signed-double-submit-cookies) |
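Review bot: the link target stays `#signed-double-submit-cookies` while only the link text changes, so the section heading this TOC entry points to must be renamed in the same way for the text and heading to match; the heading change is outside this hunk, so please confirm it is part of the PR. Since "double submit" and "double-submit" both produce the same anchor slug, the link itself keeps resolving either way.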
Grammarly says "double-submit" is better than "double submit", so I made the change. (And this goes for all hyphen-related changes.)
If you set the value to `Lax`, it is crucial that your application does not use GET requests for modifying resources. Additionally, as this flag is relatively new and only protects against cross-site request forgery (instead of cross-origin request forgery), this should not be the only layer of defense. |
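Review bot: "as this flag is relatively new" is a time-dependent claim that will read as stale; consider dropping it and keeping only the substantive limitation, e.g. "Additionally, because `SameSite` only protects against cross-site (not cross-origin) request forgery, it should not be the only layer of defense." Naming the attribute (`SameSite=Lax`) in the first sentence would also make the line self-contained, since `Lax` alone relies on context from earlier in the file.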
New line at the end of the file
Any endpoint that can send emails should have strict rate limiting implemented. |
New line at the end of the file
These codes should be provided when the user first sets up MFA and the user should be able to download them anytime if they have access to one of their second factors. |
New line at the end of the file
This may seem harmless at first, but it makes it significantly easier to scam users. The user could be redirected to an identical site made by an attacker and be prompted to enter their password again. |
New line at the end of the file
- [Open redirect](/open-redirect). |
New line at the end of the file
This can be avoided by only accepting session IDs via cookies and request headers, and always creating a new session when the user signs in. |
New line at the end of the file
Thank you! |
I've done my standard thing of running the Grammarly VS Code extension on all of the markdown files. Here's the result after running it and going through all of the suggested changes. Let me know if some of the changes are too aggressive.