diff options
Diffstat (limited to 'doc/source')
| -rw-r--r-- | doc/source/features.rst | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/source/features.rst b/doc/source/features.rst index ee39682..073bd8d 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst | |||
| @@ -330,7 +330,7 @@ is when unauthorised commands are issued from a user that the application trusts | |||
| 330 | For example, if a user is authenticated on a banking website, | 330 | For example, if a user is authenticated on a banking website, |
| 331 | an other site might present something like | 331 | an other site might present something like |
| 332 | ``<img src="http://mybank.com/transfer?from=user&to=attack&amount=1337EUR">``, | 332 | ``<img src="http://mybank.com/transfer?from=user&to=attack&amount=1337EUR">``, |
| 333 | effectivement transfering money from the user's account to the attacker one. | 333 | effectively transferring money from the user's account to the attacker one. |
| 334 | 334 | ||
| 335 | Snuffleupagus can prevent this (in `supported browsers <https://caniuse.com/#search=samesite>`__) | 335 | Snuffleupagus can prevent this (in `supported browsers <https://caniuse.com/#search=samesite>`__) |
| 336 | by setting the `samesite <https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7>`__ | 336 | by setting the `samesite <https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis-02#section-5.3.7>`__ |