kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

Merge branch 'fix-csfr-typo-in-doc' into 'master'

Browse source 
Fix typo `CSFR` -> `CSRF` in the OAuth2 doc



See merge request !6538
This commit is contained in:
Achilleas Pipinellis 2016-09-28 16:45:20 +00:00
commit 51fcea7a91
1 changed files with 8 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
doc/api/oauth2.md
View file

@ -48,7 +48,7 @@ You should then use the `code` to request an access token.
>**Important:**
It is highly recommended that you send a `state` value with the request to `/oauth/authorize` and
validate that value is returned and matches in the redirect request.
This is important to prevent [CSFR attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow),
This is important to prevent [CSRF attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow),
`state` really should have been a requirement in the standard!
### 3. Requesting the access token