Skip to content

security: update CSRF security model to indicate window.context is unprivileged

Administrator requested to merge sg/doc-window-context into main

Created by: slimsag

Now that window.context does not even contain CSRF tokens/headers (i.e., now that we have proven those are not used in our CSRF security model) we can now update our security model doc to indicate that window.context is entirely unprivileged data.

Signed-off-by: Stephen Gutekanst [email protected]

Merge request reports

Loading