
security: update CSRF threat model to reflect a manual audit

Merged Warren Gifford requested to merge sg/update-csrf-model into main

Created by: slimsag

I manually audited our code / pages to confirm there were no instances in which we would embed any sensitive user data into the response of GET requests, and so we can remove these sections from our CSRF threat model, simplifying it further. :tada:

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>

Merge details

  • 1 commit and 1 merge commit will be added to main.
  • Source branch will not be deleted.
