I added some minimal documentation for the addTokenToUrl() function.
Additionally, I took the liberty to reorder the three possible methods to allow writes on read in order of "ascending insecurity" (more secure to less secure):
Adding a CSRF token to the URL
Whitelisting a single object for writes
Whitelisting the entire request
I also moved the previous section header for the IDisableCSRFProtection interface (Allowing write on read programatically) to apply for that whole section, and instead labeled the IDisableCSRFProtection method Marking the entire request as safe.