From 00291ae0543c2cc142479ea2580a90c74e5a63f5 Mon Sep 17 00:00:00 2001 From: spixy Date: Sat, 7 Mar 2020 12:25:02 +0100 Subject: [PATCH] docs: fix dead CSRF link (#35929) Fix dead CSRF link which were pointing to non-working resources PR Close #35929 --- aio/content/guide/security.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/aio/content/guide/security.md b/aio/content/guide/security.md index 2dd439d7d2..3d4101f9ae 100644 --- a/aio/content/guide/security.md +++ b/aio/content/guide/security.md @@ -279,13 +279,13 @@ That means only your application can read this cookie token and set the custom h Angular's `HttpClient` has built-in support for the client-side half of this technique. Read about it more in the [HttpClient guide](/guide/http#security-xsrf-protection). For information about CSRF at the Open Web Application Security Project (OWASP), see -Cross-Site Request Forgery (CSRF) and -Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet. +[Cross-Site Request Forgery (CSRF)](https://owasp.org/www-community/attacks/csrf) and +[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html). The Stanford University paper -Robust Defenses for Cross-Site Request Forgery is a rich source of detail. +[Robust Defenses for Cross-Site Request Forgery](https://seclab.stanford.edu/websec/csrf/csrf.pdf) is a rich source of detail. See also Dave Smith's easy-to-understand -talk on XSRF at AngularConnect 2016. +[talk on XSRF at AngularConnect 2016](https://www.youtube.com/watch?v=9inczw6qtpY "Cross Site Request Funkery Securing Your Angular Apps From Evil Doers").