Commit b845591

J7mbo authored and weaverryan committed
Updated XSSI Json Hijacking Caution
Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'. POST requests remain unaffected.
1 parent 3842f59 commit b845591

1 file changed: +4 -1 lines changed

components/http_foundation/introduction.rst

Lines changed: 4 additions & 1 deletion
@@ -496,7 +496,10 @@ to ``application/json``.
496496
as the outer-most array to ``JsonResponse`` and not an indexed array so
497497
that the final result is an object (e.g. ``{"object": "not inside an array"}``)
498498
instead of an array (e.g. ``[{"object": "inside an array"}]``). Read
499-
the `OWASP guidelines`_ for more information.
499+
the `OWASP guidelines`_ for more information.
500+
501+
Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'.
502+
Methods responding to POST requests only remain unaffected.
500503

501504
JSONP Callback
502505
~~~~~~~~~~~~~~
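
Review bot: The two sentences added at new lines 501-502 use "methods" without saying whether they mean HTTP methods or controller methods, and they give no reason why GET is the exposed case. Consider wording such as "Only actions that respond to GET requests are exposed to XSSI 'JSON Hijacking', because a cross-site script include can only issue GET requests; actions that accept POST only are not affected", which also makes it explicit that an action answering both GET and POST is still exposed and should keep returning an object rather than a top-level array. The removal and re-addition of line 499 shows no visible text change, so it looks like a whitespace-only edit and could be dropped from the patch or confirmed as intentional.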
