security: update CSRF threat model to reflect a manual audit (!27236) · Merge requests · Warren Gifford / sourcegraph

Something went wrong while fetching comments. Please try again.

Merged Warren Gifford requested to merge sg/update-csrf-model into main 3 years ago

Created by: slimsag

I manually audited our code / pages to confirm there were no instances in which we would embed any sensitive user data into the response of GET requests, and so we can remove these sections from our CSRF threat model simplifying it further.

Signed-off-by: Stephen Gutekanst stephen@sourcegraph.com

Activity

Please register or sign in to reply

security: update CSRF threat model to reflect a manual audit

Merge request reports

Merged by (May 24, 2025 4:51am UTC)

Activity