parent: b44aab10 | patch | commit | ignore whitespace
ejo
2011-07-09 35259d7b1f029391a839c96f7750d6b3433ad2c9 
Old sentence was grammatically incorrect, literally meant that the URL or button in question did not know it was redirecting the user.  It is the user who does not know, so "unwittingly" is replaced with "secretly"; "surreptitiously" would be another accurate alternative.  An alternative sentence construction that maintains the word "unwittingly" would be, e.g., "...might click on a URL or button on another website and be unwittingly redirected to your application to perform some command that requires elevated privileges."
1 files modified
2 ■■■ changed files
docs/narr/sessions.rst 2 ●●● patch | view | raw | blame | history 
 docs/narr/sessions.rst


@@ -288,7 +288,7 @@


`Cross-site request forgery


<http://en.wikipedia.org/wiki/Cross-site_request_forgery>`_ attacks are a


phenomenon whereby a user with an identity on your website might click on a


URL or button on another website which unwittingly redirects the user to your


URL or button on another website which secretly redirects the user to your


application to perform some command that requires elevated privileges.




You can avoid most of these attacks by making sure that the correct *CSRF