Skip to content

Commit 537e687

Browse files
sithmeinsberyozkin
sithmein
and
sberyozkin
authored
Update docs/src/main/asciidoc/security-cors.adoc
Co-authored-by: Sergey Beryozkin <[email protected]>
1 parent 69f88a8 commit 537e687

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

docs/src/main/asciidoc/security-cors.adoc

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,7 +36,7 @@ For regular CORS requests, the filter denies access with an HTTP 403 status if t
3636

3737
[NOTE]
3838
====
39-
Despite its name the CORS filter also prevents CSRF attacks based on link:https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#using-standard-headers-to-verify-origin[Origin verification].
39+
Despite its name the CORS filter may also prevent CSRF attacks based on link:https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#using-standard-headers-to-verify-origin[Origin verification].
4040
Therefore, since `Origin` headers are set by the browser, you may want to consider using it instead of the xref:security-csrf-prevention.adoc[REST CSRF filter].
4141
====
4242

0 commit comments

Comments
 (0)