path: root/docs/topics/csrf.md
Diffstat (limited to 'docs/topics/csrf.md')
-rw-r--r-- docs/topics/csrf.md 12
1 files changed, 12 insertions, 0 deletions
diff --git a/docs/topics/csrf.md b/docs/topics/csrf.md
new file mode 100644
index 00000000..a2ee1b9c
--- /dev/null
+++ b/docs/topics/csrf.md
@@ -0,0 +1,12 @@
+# Working with AJAX and CSRF
+
+> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one."
+>
+> — [Jeff Atwood][cite]
+
+* Explain need to add CSRF token to AJAX requests.
+* Explain defered CSRF style used by REST framework
+* Why you should use Django's standard login/logout views, and not REST framework view
+
+
+[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html \ No newline at end of file
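Review bot: the new file is an outline, not documentation: apart from the heading and the Atwood quote, its body is three placeholder bullets ("Explain need to add CSRF token to AJAX requests", "Explain defered CSRF style used by REST framework", "Why you should use Django's standard login/logout views ...") with none of the explanations written. If this is meant to land as a draft, say so in the commit message or add a visible "work in progress" line under the heading so the topic does not appear in the published docs as an empty page. Two smaller points in the same hunk: "defered" in the second bullet should be "deferred", and the file ends without a trailing newline (the "\ No newline at end of file" marker after the `[cite]` line), which the other docs/topics files do not do.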