Skip to content
This repository was archived by the owner on Apr 12, 2024. It is now read-only.

docs($http): reword of XSRF attack overview#13901

Closed
vucalur wants to merge 1 commit into
angular:masterfrom
vucalur:patch-4
Closed

docs($http): reword of XSRF attack overview#13901
vucalur wants to merge 1 commit into
angular:masterfrom
vucalur:patch-4

Conversation

@vucalur
Copy link
Copy Markdown
Contributor

@vucalur vucalur commented Jan 30, 2016

Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.

@vucalur
docs($http): reword of XSRF attack overview
51f272a 
Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.
@gkalpak gkalpak closed this in 23395ce Jan 31, 2016
gkalpak pushed a commit that referenced this pull request Jan 31, 2016
@vucalur @gkalpak
docs($http): reword the XSRF attack overview
8dc4c75 
Previous version emphasised "gaining user's private data".
While this perfectly describes JSON vulnerability (which is based on XSRF),
data theft suits XSS more.
Pure XSRF is more about performing requests that have side effects.

Closes #13901
@gkalpak
Copy link
Copy Markdown
Member

gkalpak commented Jan 31, 2016

I reworded it a bit and merged. Thx !
Backported to v1.4.x as 8dc4c75.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

cla: yes

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@vucalur @gkalpak @googlebot