Something went wrong on our end. Please try again.
Created by: slimsag
In response to the potentially large future risks I've observed in #23140 I've taken time over my weekend / outside of work to do a full audit our CSRF threat model. We're all good currently, but have much room for improvement.
As part of this process, I've verified what is actually true in our codebase today both through looking at the code and testing various properties.
I've documented the threat model extensively, so that any developer at Sourcegraph can easily understand what the model is and why without necessarily having an expert understanding of CSRF.
At the end of the document, I've made some key recommendations for exactly what we should do - as soon as reasonably possible - to improve our CSRF threat model and ensure that we continue to have good security as time goes on, more people work on Sourcegraph, and we extend integrations out to more third-party websites and parties.
cc @andreeleuterio - this should help with the problem/challenges we're facing considerably. I will next look into employing some of these recommendations, time permitting (as this, of course, isn't my primary work) :)
Signed-off-by: Stephen Gutekanst stephen@sourcegraph.com
Note: I have tagged this PR as API docs solely for tracking purposes, since that is where I currently track my work.