Marketplace/API/CSRF: Difference between revisions

Jump to navigation Jump to search

Marketplace/API/CSRF (view source)

Revision as of 18:05, 22 February 2013

13 bytes added ,  22 February 2013
→‎Different security zones
(Created page with "== CSRF == The Marketplace (and AMO) in 2012 had a standard flow for CSRF protection. Client GETs the page from the server. Page includes a CSRF token which is tied to the users...")
 
Line 35: Line 35:
We also have to realise that different APIs might have different security requirements. As mentioned comments and ratings are of lower concern than reviewer and admin APIs. Perhaps we need to have a set of zones or rules to evaluate APIs and ensure that different APIs have different requirements. For example:
We also have to realise that different APIs might have different security requirements. As mentioned comments and ratings are of lower concern than reviewer and admin APIs. Perhaps we need to have a set of zones or rules to evaluate APIs and ensure that different APIs have different requirements. For example:


**DRAFT**
<strong>DRAFT</strong>


{|
{|
Amckay
Confirmed users
1,158

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/526625"

Navigation menu