1 file changed +12 -1 lines changed
@@ -85,7 +85,7 @@ this can be customized on a form-by-form basis::
8585
8686 // src/Form/TaskType.php
8787 namespace App\Form;
88-
88+
8989 // ...
9090 use App\Entity\Task;
9191 use Symfony\Component\OptionsResolver\OptionsResolver;
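Review bot: the only change in this hunk is at line 88, a blank line removed and re-added with no visible difference, presumably trailing whitespace. It is harmless, but it is unrelated to the new section added below and could be dropped to keep the diff focused on the documentation change.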
@@ -162,4 +162,15 @@ to check its validity::
162162 }
163163 }
164164
165+ CSRF tokens and compression side-channel attacks
166+ ------------------------------------------------
167+
168+ `BREACH `_ and `CRIME `_ are security exploits against HTTPS when using HTTP
169+ compression. Attacker can leverage information leaked by compression to recover
170+ targeted parts of the plaintext. To mitigate these attacks, and prevent an
171+ attacker from guessing the CSRF tokens, a random mask is prepended to the token
172+ and used to scramble it.
173+
165174.. _`Cross-site request forgery` : https://en.wikipedia.org/wiki/Cross-site_request_forgery
175+ .. _`BREACH` : https://en.wikipedia.org/wiki/BREACH
176+ .. _`CRIME` : https://en.wikipedia.org/wiki/CRIME
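Review bot: the new paragraph at lines 168-172 misattributes CRIME to HTTP compression and needs two grammar fixes. CRIME exploits TLS-level compression (and SPDY header compression), while BREACH exploits HTTP response-body compression served over HTTPS; suggest rewording the first sentence to "`BREACH`_ and `CRIME`_ are attacks on HTTPS that exploit compression (TLS compression for CRIME, HTTP response compression for BREACH)." "Attacker can leverage" should read "An attacker can leverage", and the comma in "To mitigate these attacks, and prevent" should go. It would also help readers to say what the mask buys them: because a fresh random mask is applied on every render, the token as it appears in the response body differs each time, so the compression oracle cannot converge on the static token held in the session; the mask protects the CSRF token only, not other secrets embedded in compressed responses, so the usual advice about not compressing responses that carry secrets still applies.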