diff options
| author | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-09-30 12:58:41 +0000 |
|---|---|---|
| committer | Achilleas Pipinellis <axilleas@axilleas.me> | 2016-09-30 12:58:41 +0000 |
| commit | 91a91557ce4aeeafa34856009359bb6c34e3e10e (patch) | |
| tree | b8b712de74856645d9c4a97faff47dbd7f6cde08 /doc/api/oauth2.md | |
| parent | 5838d1ba892872553dcd4e3945a3fab8faf339a4 (diff) | |
| parent | b9daced7a2814fa74a3f0dddf38858100678c6b1 (diff) | |
| download | gitlab-ce-91a91557ce4aeeafa34856009359bb6c34e3e10e.tar.gz | |
Merge branch 'master' into 'fix_oauth_doc'
# Conflicts:
# doc/api/oauth2.md
Diffstat (limited to 'doc/api/oauth2.md')
| -rw-r--r-- | doc/api/oauth2.md | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 3ea481eadb5..5ef5e3f5744 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -48,7 +48,7 @@ You should then use the `code` to request an access token. >**Important:** It is highly recommended that you send a `state` value with the request to `/oauth/authorize` and validate that value is returned and matches in the redirect request. -This is important to prevent [CSFR attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow), +This is important to prevent [CSRF attacks](http://www.oauthsecurity.com/#user-content-authorization-code-flow), `state` really should have been a requirement in the standard! ### 3. Requesting the access token @@ -134,4 +134,4 @@ access_token = client.password.get_token('user@example.com', 'secret') puts access_token.token ``` -[personal access tokens]: ./README.md#personal-access-tokens +[personal access tokens]: ./README.md#personal-access-tokens
\ No newline at end of file |