[docs] Make clear that sesskey is CSRF token.

moodle / devdocs

Source of the Moodle Developer Resources and Documentation

https://moodledev.io/

Other

40 stars 283 forks source link

[docs] Make clear that sesskey is CSRF token. #1083

Closed kabalin closed 1 month ago

kabalin commented 1 month ago

sesskey is often confused with Moodle Session ID cookie. This change updates Session Key section at Cross-site request forgery page, clarifying its purpose as CSRF token.

Rendered page: https://deploy-preview-1083--moodledevdocs.netlify.app/general/development/policies/security/crosssite-request-forgery#session-key

netlify[bot] commented 1 month ago

Deploy Preview for moodledevdocs ready!

Built without sensitive environment variables

Name	Link
Latest commit	feb0af55684ed2df3f61b333d091fdf44b96887d
Latest deploy log	https://app.netlify.com/sites/moodledevdocs/deploys/66b51643686d990008278218
Deploy Preview	https://deploy-preview-1083--moodledevdocs.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

github-actions[bot] commented 1 month ago

⚡️ Lighthouse report for the deploy preview of this PR

URL	Performance	Accessibility	Best Practices	SEO	PWA	Report
/	🔴 44	🟢 95	🟢 100	🟢 90	🟢 100	Report
/docs/4.4/apis/commonfiles	🟠 66	🟢 93	🟢 100	🟢 100	🟢 100	Report
/general/development/gettingstarted	🟠 77	🟢 95	🟢 100	🟢 90	🟢 100	Report
/general/releases	🟠 64	🟢 95	🟢 100	🟢 100	🟢 100	Report

kabalin commented 1 month ago

Thanks for adding the clarification. Just a few tidyups.

Thanks Andrew!

kabalin commented 1 month ago

Squashed Andrews's improvements and rebased. Kindly asking @mickhawkins to review it and merge. Thanks! :)

moodle / devdocs

[docs] Make clear that sesskey is CSRF token. #1083

✅ Deploy Preview for moodledevdocs ready!

⚡️ Lighthouse report for the deploy preview of this PR

Deploy Preview for moodledevdocs ready!