Commit b845591

J7mbo authored and weaverryan committed
Updated XSSI Json Hijacking Caution
Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'. POST requests remain unaffected.
1 parent 3842f59 commit b845591

1 file changed

+4
-1
lines changed
components/http_foundation/introduction.rst

Lines changed: 4 additions & 1 deletion
@@ -496,7 +496,10 @@ to ``application/json``.
496496
as the outer-most array to ``JsonResponse`` and not an indexed array so
497497
that the final result is an object (e.g. ``{"object": "not inside an array"}``)
498498
instead of an array (e.g. ``[{"object": "inside an array"}]``). Read
499-
the `OWASP guidelines`_ for more information.
499+
the `OWASP guidelines`_ for more information.
500+
501+
Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'.
502+
Methods responding to POST requests only remain unaffected.
500503

501504
JSONP Callback
502505
~~~~~~~~~~~~~~
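
Review bot: In the two added sentences (new lines 501-502), "methods" reads as HTTP methods because it sits right next to "GET requests" and "POST requests", and the trailing "only" in "Methods responding to POST requests only remain unaffected" can attach to either "POST requests" or "remain". Suggest naming what actually responds (for example "endpoints" or "controllers") and moving the qualifier, e.g. "Endpoints that respond only to POST requests are not affected." A short clause giving the reason would also help readers judge their own exposure: the hijack relies on the JSON URL being loaded through a script tag, and a script tag can only issue GET requests. Separately, line 499 is removed and re-added with the same visible text, which looks like a whitespace-only change; if it was not intended, drop it so the patch only contains the new paragraph.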
