OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Cross-Site_Request_Forgery_Prevention_Cheat_Sheet #1359

Closed vvmuysew closed 3 months ago

vvmuysew commented 3 months ago

What is missing or needs to be updated?

In the pseudo-code example showing how to properly do the signed double submit token, there seems to be a missing `"` at the line of the SetCookie:

https://github.com/OWASP/CheatSheetSeries/blob/b181a604dd1f4a405ca1cd267b111a6a044e9f7b/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md?plain=1#L107

How should this be resolved?

Change the `"; Secure)` to `"; Secure")`

szh commented 3 months ago

Good catch. Want to submit a PR to fix it?

vvmuysew commented 3 months ago

PR submitted :+1: