couchdb-commits mailing list archives

From rnew...@apache.org
Subject documentation commit: updated refs/heads/master to 18cc926
Date Mon, 10 Aug 2015 18:39:06 GMT
Repository: couchdb-documentation
Updated Branches:
  refs/heads/master d5f3abb4c -> 18cc926bb


Clarify that only write requests are affected by CSRF protection


Project: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/repo
Commit: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/commit/18cc926b
Tree: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/tree/18cc926b
Diff: http://git-wip-us.apache.org/repos/asf/couchdb-documentation/diff/18cc926b

Branch: refs/heads/master
Commit: 18cc926bb3d73e5ce9d2f8cce445e9de1e9eeb55
Parents: d5f3abb
Author: Robert Newson <rnewson@apache.org>
Authored: Mon Aug 10 19:38:48 2015 +0100
Committer: Robert Newson <rnewson@apache.org>
Committed: Mon Aug 10 19:38:48 2015 +0100

----------------------------------------------------------------------
 src/config/http.rst | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/couchdb-documentation/blob/18cc926b/src/config/http.rst
----------------------------------------------------------------------
diff --git a/src/config/http.rst b/src/config/http.rst
index 5bcb0c3..6abeea0 100644
--- a/src/config/http.rst
+++ b/src/config/http.rst
@@ -540,8 +540,9 @@ Cross-site Request Forgery protection
     reset form or cause damage by issuing a database delete request.
 
     To prevent this, CouchDB can require a matching request header
-    before processing any request. The correct value of this header is
-    unknown to the attacker and so their attack fails.
+    before processing any write request (defined as any method other
+    than `GET`, `HEAD` or `OPTIONS`). The correct value of this header
+    is unknown to the attacker and so their attack fails.
 
     To enable CSRF protection, add the custom request header
     `X-CouchDB-CSRF` wih value `true` to any request. The response will
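
Review bot: The added parenthetical marks `GET`, `HEAD` and `OPTIONS` with single backticks, which reStructuredText reads as interpreted text in the default role rather than as inline literals; double backticks would render the method names as code. The definition is also stated as an exclusion ("any method other than"), so every other method, including ones not named here, counts as a write; a short sentence saying that this is intended would save readers from guessing. While this paragraph is being touched, the trailing context line has "wih value" where "with value" is meant, which could be fixed in the same commit.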

