Posted to notifications@apisix.apache.org by ju...@apache.org on 2022/03/02 22:20:48 UTC
[apisix-website] branch master updated: docs: update csrf and api gateway. (#918)
This is an automated email from the ASF dual-hosted git repository.
juzhiyuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git
The following commit(s) were added to refs/heads/master by this push:
new e887811 docs: update csrf and api gateway. (#918)
e887811 is described below
commit e887811a3bdc8a905db6705f601edd4307609c09
Author: Ming Wen <mo...@gmail.com>
AuthorDate: Thu Mar 3 06:20:06 2022 +0800
docs: update csrf and api gateway. (#918)
Co-authored-by: yilinzeng <36...@users.noreply.github.com>
---
website/blog/2022/02/23/{csrf.md => csrf-api-gateway.md} | 12 +++++++++---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/website/blog/2022/02/23/csrf.md b/website/blog/2022/02/23/csrf-api-gateway.md
similarity index 94%
rename from website/blog/2022/02/23/csrf.md
rename to website/blog/2022/02/23/csrf-api-gateway.md
index 6afd7da..2f14130 100644
--- a/website/blog/2022/02/23/csrf.md
+++ b/website/blog/2022/02/23/csrf-api-gateway.md
@@ -1,5 +1,5 @@
---
-title: "Apache APISIX Enhances API Security by CSRF Plugin"
+title: "API Gateway Enhances Security by CSRF Plugin"
authors:
- name: "Yuan Bao"
title: "Author"
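Review bot: The new `+title:` line drops the project name, so "API Gateway Enhances Security by CSRF Plugin" no longer says which gateway the post covers, while the keywords and body still refer to Apache APISIX. Consider keeping the name in the title, for example "Apache APISIX API Gateway Enhances Security by CSRF Plugin". The file is also renamed from csrf.md to csrf-api-gateway.md and no slug is visible in this front matter; if the published URL is derived from the file name, existing links to the post will need a redirect.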
@@ -13,8 +13,10 @@ keywords:
- Apache APISIX
- API Security
- cross-site request forgery
-- CSRF Attack
-description: This article introduces `csrf`, the CSRF security plugin for Apache APISIX, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
+- CSRF
+- API Gateway
+
+description: This article introduces `csrf`, the CSRF security plugin for API Gateway, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
tags: [Technology,Ecosystem]
---
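Review bot: The new `description:` line is internally inconsistent: it calls `csrf` "the CSRF security plugin for API Gateway" and then says "in Apache APISIX" in the same sentence, which reads as if "API Gateway" were a separate product. Suggest "the CSRF security plugin for the Apache APISIX API gateway", or keep the original "for Apache APISIX". The empty `+` line added between the keywords list and `description:` serves no purpose and can be dropped. Please also confirm that replacing the `CSRF Attack` keyword with `CSRF` was intended rather than adding `CSRF` alongside it.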
@@ -26,6 +28,10 @@ The key point of launching a cross-site request forgery attack is to make the ta
This article introduces `csrf`, the CSRF security plugin for Apache APISIX, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
+Apache APISIX is a dynamic, real-time, high-performance API gateway.
+
+APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.
+
## Plugin Introduction
The `csrf` plugin is implemented based on the `Double Submit Cookie` scheme. As defined in [RFC 7231#section-4.2.1](https://datatracker.ietf.org/doc/html/rfc7231.html#section-4.2.1), we consider the `GET`, `HEAD` and `OPTIONS` methods as **secure methods**. According to this convention, the `csrf` plug-in will let these three methods go directly, but will check the other methods and intercept any unsafe requests.
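Review bot: The two added paragraphs introducing Apache APISIX land after the sentence "This article introduces `csrf` ..." and directly before "## Plugin Introduction", so the reader is told what the article covers before being told what APISIX is. Moving the product introduction above that summary sentence, or merging the two short paragraphs into one, would read better. In the second added line, "such as ... and more" is redundant; either "such as" or "and more" is enough. Note also that the unchanged summary sentence still says "for Apache APISIX" while the front-matter description in this same commit was changed to "for API Gateway", so the two copies of that sentence now disagree.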