diff options
| author | Tom Christie | 2013-01-27 17:23:56 +0000 |
|---|---|---|
| committer | Tom Christie | 2013-01-27 17:23:56 +0000 |
| commit | a7479e02faf37da8987d5933d8c259b045ef1be8 (patch) | |
| tree | 0fa924ccc526821f1dcfa2302c2a3cb5b56d15ba /docs/topics/csrf.md | |
| parent | a75db4cfb8ed756c451bfda7ea0c73a73859216f (diff) | |
| download | django-rest-framework-a7479e02faf37da8987d5933d8c259b045ef1be8.tar.bz2 | |
AJAX, CSRF & CORS documentation
Diffstat (limited to 'docs/topics/csrf.md')
| -rw-r--r-- | docs/topics/csrf.md | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/docs/topics/csrf.md b/docs/topics/csrf.md deleted file mode 100644 index 043144c1..00000000 --- a/docs/topics/csrf.md +++ /dev/null @@ -1,12 +0,0 @@ -# Working with AJAX and CSRF - -> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one." -> -> — [Jeff Atwood][cite] - -* Explain need to add CSRF token to AJAX requests. -* Explain deferred CSRF style used by REST framework -* Why you should use Django's standard login/logout views, and not REST framework view - - -[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html |