OWASP / CheatSheetSeries

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.
https://cheatsheetseries.owasp.org
Creative Commons Attribution Share Alike 4.0 International

Update: Cross-Site Request Forgery Prevention Cheat Sheet #1388

Closed wittjoe1 closed 1 month ago

wittjoe1 commented 2 months ago

What is missing or needs to be updated?

I'm wondering about the title of the chapter "Disallowing non-simple requests". In my opinion - and from the context - it should read "Disallowing simple requests", as "simple" requests lead to CSRF, which we actually want to prevent.

How should this be resolved?

Can someone please check this? Thx

jmanico commented 2 months ago

This is a good observation. Care to submit a PR for us?