author    Tom Christie  2012-09-01 20:26:27 +0100
committer Tom Christie  2012-09-01 20:26:27 +0100
commit    deedf6957d14c2808c00a009ac2c1d4528cb80c9 (patch)
tree      a029d40c05ceeaffa9d1fb420096c7de4878cbb5 /docs/topics/csrf.md
parent    02dcdca13b7cbe89e1980bab7e8274500bf9e4e1 (diff)
download  django-rest-framework-deedf6957d14c2808c00a009ac2c1d4528cb80c9.tar.bz2
REST framework 2 docs
Diffstat (limited to 'docs/topics/csrf.md')
-rw-r--r--  docs/topics/csrf.md  12
1 file changed, 12 insertions, 0 deletions
diff --git a/docs/topics/csrf.md b/docs/topics/csrf.md
new file mode 100644
index 00000000..a2ee1b9c
--- /dev/null
+++ b/docs/topics/csrf.md
@@ -0,0 +1,12 @@
+# Working with AJAX and CSRF
+
+> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one."
+>
+> — [Jeff Atwood][cite]
+
+* Explain need to add CSRF token to AJAX requests.
+* Explain defered CSRF style used by REST framework
+* Why you should use Django's standard login/logout views, and not REST framework view
+
+
+[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html \ No newline at end of file
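Review bot: the three bullets at +29 to +31 are outline placeholders, not documentation, so if this file is linked from the published docs readers will land on an unfinished topic; either expand each bullet into its section (including the CSRF token in AJAX requests, how REST framework's deferred CSRF handling works, and why Django's standard login/logout views should be used rather than a REST framework view) or keep the page out of the navigation until it is written. While editing, fix the spelling of "defered" to "deferred" on the second bullet, and add a trailing newline so the "\ No newline at end of file" marker disappears.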