Update: Table of Contents for CSRF Cheat Sheet #1892

@mkhanas

Description

What is missing or needs to be updated?

With the addition of the Fetch Metadata section, the CSRF Cheat Sheet has become somewhat harder to navigate. Currently, recommended mitigation patterns are mixed in the middle of the table of contents, which may make it less clear for developers to quickly find core recommendations.

The list in the Introduction section may also need updating to reflect any reordering.

This was brought up as part of the Update Fetch Metadata positioning PR, and it was decided to create a separate issue to discuss possible updates.

How should this be resolved?

The structure could look more like this:

## Disallowing Simple Requests
## Token-Based Mitigation
...
## Fetch Metadata Headers
## Dealing with Client-Side CSRF Attacks
## Defense In Depth Techniques

We discussed this as a possible high-level structure, but there are definitely other improvements to be made, especially at the subsection level, to improve clarity and prioritisation of the content.

Labels

ACK_WAITING: Issue waiting acknowledgement from the core team before starting the work to fix it.
HELP_WANTED: Issue for which help is wanted to do the job.
UPDATE_CS: Issue about the update/refactoring of an existing cheat sheet.
