[Django] #34990: Change external link for CSRF reference docs to OWASP


Django

Nov 22, 2023, 4:35:46 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: assigned
Component: Documentation             | Version: dev
Severity: Normal                     | Keywords: csrf, documentation, owasp
Triage Stage: Unreviewed             | Has patch: 0
Needs documentation: 0               | Needs tests: 0
Patch needs improvement: 0           | Easy pickings: 0
UI/UX: 0                             |
-------------------------------------+-------------------------------------
The CSRF reference docs link to
https://www.squarefree.com/securitytips/web-developers.html#CSRF

I propose it should link to
https://owasp.org/www-community/attacks/csrf#overview

Open Worldwide Application Security Project (OWASP) is the standard for
security-related questions; we should be pushing developers to that
resource. Beyond that, the examples on that page do a much better job of
explaining a CSRF attack and how to protect against it.

--
Ticket URL: <https://code.djangoproject.com/ticket/34990>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Nov 22, 2023, 4:57:00 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: assigned
Component: Documentation             | Version: dev
Severity: Normal                     | Resolution:
Keywords: csrf, documentation, owasp | Triage Stage: Unreviewed
Has patch: 1                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Timothy Schilling):

* has_patch: 0 => 1


--
Ticket URL: <https://code.djangoproject.com/ticket/34990#comment:1>

Django

Nov 22, 2023, 11:25:53 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: assigned
Component: Documentation             | Version: dev
Severity: Normal                     | Resolution:
Keywords: csrf, documentation, owasp | Triage Stage: Accepted
Has patch: 1                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by Mariusz Felisiak):

* stage: Unreviewed => Accepted


Comment:

[https://github.com/django/django/pull/17512 PR]

--
Ticket URL: <https://code.djangoproject.com/ticket/34990#comment:2>

Django

Nov 22, 2023, 11:27:41 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: closed
Component: Documentation             | Version: dev
Severity: Normal                     | Resolution: fixed
Keywords: csrf, documentation, owasp | Triage Stage: Accepted
Has patch: 1                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------
Changes (by GitHub <noreply@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"aceee39d44994df20d13104e55ae61845d7a1e95" aceee39d]:
{{{
#!CommitTicketReference repository=""
revision="aceee39d44994df20d13104e55ae61845d7a1e95"
Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34990#comment:3>

Django

Nov 22, 2023, 11:28:46 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: closed
Component: Documentation             | Version: dev
Severity: Normal                     | Resolution: fixed
Keywords: csrf, documentation, owasp | Triage Stage: Accepted
Has patch: 1                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Mariusz Felisiak <felisiak.mariusz@…>):

In [changeset:"06bdf62b56a7cbd37a74b590587a8ae51b206321" 06bdf62b]:
{{{
#!CommitTicketReference repository=""
revision="06bdf62b56a7cbd37a74b590587a8ae51b206321"
[5.0.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.

Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34990#comment:4>

Django

Nov 22, 2023, 11:28:59 PM
to django-...@googlegroups.com
#34990: Change external link for CSRF reference docs to OWASP
-------------------------------------+-------------------------------------
Reporter: Timothy Schilling          | Owner: Timothy Schilling
Type: Cleanup/optimization           | Status: closed
Component: Documentation             | Version: dev
Severity: Normal                     | Resolution: fixed
Keywords: csrf, documentation, owasp | Triage Stage: Accepted
Has patch: 1                         | Needs documentation: 0
Needs tests: 0                       | Patch needs improvement: 0
Easy pickings: 0                     | UI/UX: 0
-------------------------------------+-------------------------------------

Comment (by Mariusz Felisiak <felisiak.mariusz@…>):

In [changeset:"6d7313bc870b0a37287dc7e3b30b1b5583c9ef0e" 6d7313bc]:
{{{
#!CommitTicketReference repository=""
revision="6d7313bc870b0a37287dc7e3b30b1b5583c9ef0e"
[4.2.x] Fixed #34990 -- Changed link to OWASP in CSRF docs.

The OWASP site is the standard resource for web application
security information.

Backport of aceee39d44994df20d13104e55ae61845d7a1e95 from main
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/34990#comment:5>
