Opened 13 months ago

Closed 13 months ago

Last modified 13 months ago

#34990 closed Cleanup/optimization (fixed)

Change external link for CSRF reference docs to OWASP

Reported by: Timothy Schilling Owned by: Timothy Schilling
Component: Documentation Version: dev
Severity: Normal Keywords: csrf, documentation, owasp
Cc: Triage Stage: Accepted
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The CSRF reference docs links to https://www.squarefree.com/securitytips/web-developers.html#CSRF

I propose it should link to https://owasp.org/www-community/attacks/csrf#overview

Open Worldwide Application Security Project (OWASP) is the standard for security related questions, we should be pushing developers to that resource. Beyond that, the examples on that page do a much better job of explaining a CSRF attack and how to protect against it.

Change History (5)

comment:1 by Timothy Schilling, 13 months ago

Has patch: set

comment:2 by Mariusz Felisiak, 13 months ago

Triage Stage: UnreviewedAccepted

comment:3 by GitHub <noreply@…>, 13 months ago

Resolution: fixed
Status: assignedclosed

In aceee39d:

Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.

comment:4 by Mariusz Felisiak <felisiak.mariusz@…>, 13 months ago

In 06bdf62b:

[5.0.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main

comment:5 by Mariusz Felisiak <felisiak.mariusz@…>, 13 months ago

In 6d7313bc:

[4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.
Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main

Note: See TracTickets for help on using tickets.
Back to Top