security: update CSRF security model to indicate window.context is unprivileged
There are no commits yet
Push commits to the source branch or add previously merged commits to review them.
Created by: slimsag
Now that window.context does not even contain CSRF tokens/headers (i.e., now that
we have proven those are not used in our CSRF security model) we can now update our
security model doc to indicate that window.context
is entirely unprivileged
data.
Signed-off-by: Stephen Gutekanst stephen@sourcegraph.com
Push commits to the source branch or add previously merged commits to review them.