Marketplace/API/CSRF: Difference between revisions

added banner
{{Marketplace_banner}}
<h2> CSRF </h2>
<p>The Marketplace (and AMO) in 2012 had a standard flow for CSRF protection. The client GETs the page from the server. The page includes a CSRF token that is tied to the user's session on the server. The client POSTs a form with a CSRF token in it; we check that the two match and process the request.
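The flow above as a minimal Python sketch, added here as an illustration and not the Marketplace's or AMO's own code. The in-memory `SESSIONS` store, the `csrf_token` field name and the function names are assumptions.

```python
import hmac
import secrets

# Hypothetical in-memory session store: session id -> session data.
SESSIONS = {}


def new_session():
    """Create a server-side session and return its id (sent to the client as a cookie)."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {}
    return sid


def handle_get(sid):
    """GET: mint a CSRF token, tie it to the session, embed it in the page's form."""
    session = SESSIONS[sid]
    # One token per session; reuse it if the session already has one.
    token = session.setdefault("csrf_token", secrets.token_urlsafe(32))
    html = ('<form method="post">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '</form>')
    return html, token


def handle_post(sid, form):
    """POST: process the request only if the form token matches the session's token."""
    session = SESSIONS.get(sid)
    expected = session.get("csrf_token") if session else None
    submitted = form.get("csrf_token")
    # Reject unknown sessions, sessions that never fetched the page, and missing fields.
    if not expected or not submitted:
        return 403
    # Constant-time comparison avoids leaking the token through response timing.
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    return 200  # tokens match: process the request
```
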