From deedf6957d14c2808c00a009ac2c1d4528cb80c9 Mon Sep 17 00:00:00 2001 From: Tom Christie Date: Sat, 1 Sep 2012 20:26:27 +0100 Subject: REST framework 2 docs --- docs/topics/csrf.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 docs/topics/csrf.md (limited to 'docs/topics/csrf.md') diff --git a/docs/topics/csrf.md b/docs/topics/csrf.md new file mode 100644 index 00000000..a2ee1b9c --- /dev/null +++ b/docs/topics/csrf.md @@ -0,0 +1,12 @@ +# Working with AJAX and CSRF + +> "Take a close look at possible CSRF / XSRF vulnerabilities on your own websites. They're the worst kind of vulnerability -- very easy to exploit by attackers, yet not so intuitively easy to understand for software developers, at least until you've been bitten by one." +> +> — [Jeff Atwood][cite] + +* Explain need to add CSRF token to AJAX requests. +* Explain defered CSRF style used by REST framework +* Why you should use Django's standard login/logout views, and not REST framework view + + +[cite]: http://www.codinghorror.com/blog/2008/10/preventing-csrf-and-xsrf-attacks.html \ No newline at end of file -- cgit v1.2.3
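Review bot: the three bullets under the Jeff Atwood quote in the `@@ -0,0 +1,12 @@` hunk are outline notes, not documentation, so as written the page would ship telling readers only that something needs explaining ("Explain need to add CSRF token to AJAX requests", "Explain defered CSRF style used by REST framework") without ever explaining it. Either mark the page as a draft in the heading, or fill in at least the first two bullets before it goes live: the AJAX bullet should say where the token comes from and which cookie and request header Django's CSRF middleware checks, and the second should say concretely what "deferred" means for this framework (at which point in request handling the check runs and which views it applies to). While there, fix the typo "defered" to "deferred" and add the missing trailing newline the diff flags with "\ No newline at end of file".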