dubey/WebGoat
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FixTypo - Fix typo in various lesson documentations

Browse Source
This commit is contained in:
Thanh Tran
2022-08-29 17:13:34 +10:00
committed by Àngel Ollé Blázquez
parent de3c2c8d85
commit f5e4d4717a
13 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/main/resources/lessons/csrf/documentation/CSRF_Frameworks.adoc
View File

@ -18,7 +18,7 @@ Remember the session cookie should always be defined with http-only flag.
Another defense can be to add a custom request header to each call. This will work if all the interactions
with the server are performed with JavaScript. On the server side you only need to check the presence of this header
if this header is not present deny the request.
Some frameworks offer this implementation by default however researcer Alex Infuhr found out that this can be bypassed
Some frameworks offer this implementation by default however researcher Alex Infuhr found out that this can be bypassed
as well. You can read about: https://insert-script.blogspot.com/2018/05/adobe-reader-pdf-client-side-request.html[Adobe Reader PDF - Client Side Request Injection]