Commit 7fc3e6b
Update Fetch Metadata positioning (#1875)
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Extended core guidance to mention Fetch Metadata request headers (Sec-Fetch-*) as an alternative to CSRF tokens for state-changing requests.
Added clarification that developers can use CSRF tokens or Fetch Metadata depending on project needs and client compatibility.
Updated Fetch Metadata positioning
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
removed old Fetch Metadata section
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Fix typos and markdown issues
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
fix heading increment
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Added guidance that all Fetch Metadata implementations must include a mandatory fallback to Origin/Referer verification for compatibility.
Reworked browser compatibility notes and Limitations and gotchas section.
Changed language to avoid undermining Fetch Metadata headers
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Like this, go for it
Co-authored-by: Ari Kalfus <dev@artis3nal.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: Ari Kalfus <dev@artis3nal.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Updated "The Fetch Metadata request headers are" part.
Updated "Use Built-In Or Existing CSRF Implementations for CSRF Protection" to include reference to Go CrossOriginProtection.
Updated "### Things to consider"
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
fix list indentation
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Removed `Origin` and `Referer` from the ## Fetch Metadata headers description
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
navigate mode clarification
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: Scott Leggett <scott@sl.id.au>
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
state-changing safe methods requests clarification
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Vary header clarification
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Added concerns section
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
* Update Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.md
---------
Co-authored-by: Jim Manico <jim@manicode.com>
Co-authored-by: Ari Kalfus <dev@artis3nal.com>
Co-authored-by: nickchomey <88559987+nickchomey@users.noreply.github.com>
Co-authored-by: Scott Leggett <scott@sl.id.au>

1 parent bcd27d7, commit 7fc3e6b
1 file changed (cheatsheets): +126 −89 lines
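The guidance this commit adds (check Fetch Metadata first, with a mandatory fallback to Origin/Referer verification for clients that do not send it) as an added example; this is illustration code, not the cheat sheet's own snippet or Go's CrossOriginProtection, and the allowed origin and header values are constructed:

```python
from urllib.parse import urlsplit

# Safe methods are allowed through; the check assumes they never change state.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
# Constructed sample: the application's own origin(s).
ALLOWED_ORIGINS = {"https://app.example"}


def _origin_of(url: str) -> str:
    """Reduce an absolute URL (e.g. a Referer) to its scheme://host[:port] origin."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower() if p.scheme and p.netloc else ""


def is_request_allowed(method: str, headers: dict) -> tuple:
    """Return (allowed, reason) for a request; header names match case-insensitively."""
    h = {k.lower(): v for k, v in headers.items()}
    method = method.upper()
    if method in SAFE_METHODS:
        # Cross-site navigations (Sec-Fetch-Mode: navigate) land here as GETs;
        # a state-changing action reachable by GET would bypass this check.
        return True, "safe-method"
    site = h.get("sec-fetch-site")
    if site is not None:
        # The browser sent Fetch Metadata; it takes precedence over Origin/Referer.
        if site in ("same-origin", "none"):
            return True, f"sec-fetch-site={site}"
        return False, f"cross-site blocked (sec-fetch-site={site})"
    # Fallback for clients without Fetch Metadata: verify Origin, then Referer.
    origin = h.get("origin")
    if origin:
        ok = origin.lower() in ALLOWED_ORIGINS  # "null" never matches
        return ok, "origin-match" if ok else "origin-mismatch"
    referer = h.get("referer")
    if referer:
        ok = _origin_of(referer) in ALLOWED_ORIGINS
        return ok, "referer-match" if ok else "referer-mismatch"
    # Neither source of origin information: fail closed for state-changing requests.
    return False, "no origin information"
```

A response whose handling depends on Sec-Fetch-* should also send `Vary: Sec-Fetch-Site` (and the other headers consulted) so shared caches do not serve one client's result to another.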