WebAppSec/Secure Coding Guidelines: Difference between revisions

* The CSRF token is added as a hidden field for forms or within the URL if the state changing operation occurs via a GET
* The server rejects the requested action if the CSRF token fails validation
Note: Some frameworks (such as Django) provide this capability. Use the framework's established CSRF protection instead of creating your own.
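The two rules above (token travels with the request as a hidden field or a URL parameter; the server refuses the action when the token is missing or invalid) are shown end to end below. This is an added example written for this page, not code from the Mozilla wiki or from any framework; the field name `csrf_token`, the hard-coded `SERVER_SECRET`, the session identifiers, and the choice to bind the token to the session with an HMAC rather than store it server-side are all assumptions of the example.

```python
import hashlib
import hmac
import secrets
from html import escape
from typing import Optional, Tuple
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed secret for this example only: a deployment loads it from
# configuration (never from source) and rotates it.
SERVER_SECRET = b"example-only-secret-replace-me"

# Hypothetical name of the hidden field / query parameter carrying the token.
FIELD_NAME = "csrf_token"


def issue_csrf_token(session_id: str) -> str:
    """Mint a token bound to one session: a random nonce plus an HMAC over
    (session_id, nonce). A token lifted from another session fails the MAC,
    and an attacker's page cannot read this one because of same-origin rules."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_is_valid(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for this session and compare in constant time.
    Missing, malformed, tampered, or cross-session tokens all return False."""
    if not token:
        return False
    nonce, sep, mac = token.partition(".")
    if not sep or len(nonce) != 32:
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    # Compare as bytes so a non-ASCII submission cannot raise instead of failing.
    return hmac.compare_digest(mac.encode(), expected.encode())


def render_form(session_id: str, action: str) -> str:
    """Form case: the token rides in a hidden input field."""
    token = issue_csrf_token(session_id)
    return (
        f'<form method="post" action="{escape(action)}">\n'
        f'  <input type="hidden" name="{FIELD_NAME}" value="{escape(token)}">\n'
        f'  <input type="email" name="new_email">\n'
        f'  <button type="submit">Update</button>\n'
        f"</form>"
    )


def state_changing_url(session_id: str, path: str, params: dict) -> str:
    """GET case: when a state-changing action is reachable via GET, the token
    goes into the query string so it still travels with the request."""
    query = dict(params)
    query[FIELD_NAME] = issue_csrf_token(session_id)
    return f"{path}?{urlencode(query)}"


def handle_state_change(session_id: str, request_params: dict) -> Tuple[int, str]:
    """Server side: reject the action outright when the token is missing or
    fails validation; only a valid token lets the change go ahead."""
    if not csrf_token_is_valid(session_id, request_params.get(FIELD_NAME)):
        return 403, "rejected: CSRF token missing or invalid"
    return 200, "ok: state change applied"


def params_from_url(url: str) -> dict:
    """Helper for the demo: turn a generated URL back into request parameters."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


if __name__ == "__main__":
    sid = "session-123"  # constructed session identifier
    print(render_form(sid, "/account/email"))
    url = state_changing_url(sid, "/account/delete", {"id": "7"})
    print(url)
    print(handle_state_change(sid, params_from_url(url)))            # 200
    print(handle_state_change("other-session", params_from_url(url)))  # 403
    print(handle_state_change(sid, {"id": "7"}))                       # 403, no token
```

The session binding is what makes the check meaningful: the server never has to store the token, yet a token minted for one session is rejected for every other one, and a forged request from a third-party page fails because that page has no way to read the victim's token out of the form or URL.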


===Preventing Malicious Site Framing (ClickJacking)===