Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Documentation: csrfguard.properties improvement #15

Closed
jellisgwn opened this issue May 19, 2021 · 1 comment
Closed

Documentation: csrfguard.properties improvement #15

jellisgwn opened this issue May 19, 2021 · 1 comment
Labels
documentation Improvements or additions to documentation

Comments

@jellisgwn
Copy link
Contributor

The following text in csrfguard.properties could be cleaned up and more concise:

# Note: Rotation in case of AJAX requests is not currently not supported because of the possible race conditions.
# A Single Page Application can fire multiple simultaneous requests. If rotation is enabled,
# the first request might trigger a token change before the validation of the same token within the second request,
# causing false-positive CSRF intrusion exceptions.

"is not currently not supported"

The sentence starting "If rotation is enabled, ..." could be clearer, "If rotation were enabled for AJAX requests, the first request could trigger..."

Happy to provide a PR if it would be helpful.
@forgedhallpass
Copy link
Member

hello @jellisgwn,

Thanks for pointing it out; there are multiple sections indeed that could use some re-working in the future. Feel free to provide a PR and will accept it.

forgedhallpass added a commit that referenced this issue Aug 20, 2021
@forgedhallpass
#15 Documentation: csrfguard.properties improvement
771ed4b 
* fixing a typo in the documentation
* syncing the test Owasp.CsrfGuard.properties file with the production one
@forgedhallpass forgedhallpass added the documentation Improvements or additions to documentation label Sep 15, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
documentation Improvements or additions to documentation
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jellisgwn @forgedhallpass