
security: update CSRF security model to indicate window.context is unprivileged

Merged Warren Gifford requested to merge sg/doc-window-context into main

Created by: slimsag

Now that window.context does not even contain CSRF tokens/headers (i.e., now that we have proven those are not used in our CSRF security model) we can now update our security model doc to indicate that window.context is entirely unprivileged data.

Signed-off-by: Stephen Gutekanst <stephen@sourcegraph.com>


Merged by avatar (May 7, 2025 3:59am UTC)
