security: update CSRF threat model to reflect a manual audit
There are no commits yet
Push commits to the source branch or add previously merged commits to review them.
Created by: slimsag
I manually audited our code / pages to confirm there were no instances in which
we would embed any sensitive user data into the response of GET requests, and so
we can remove these sections from our CSRF threat model simplifying it further.
Signed-off-by: Stephen Gutekanst stephen@sourcegraph.com
Push commits to the source branch or add previously merged commits to review them.