You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by ju...@apache.org on 2022/03/02 22:20:48 UTC

[apisix-website] branch master updated: docs: update csrf and api gateway. (#918)

This is an automated email from the ASF dual-hosted git repository.

juzhiyuan pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-website.git


The following commit(s) were added to refs/heads/master by this push:
     new e887811  docs: update csrf and api gateway. (#918)
e887811 is described below

commit e887811a3bdc8a905db6705f601edd4307609c09
Author: Ming Wen <mo...@gmail.com>
AuthorDate: Thu Mar 3 06:20:06 2022 +0800

    docs: update csrf and api gateway. (#918)
    
    Co-authored-by: yilinzeng <36...@users.noreply.github.com>
---
 website/blog/2022/02/23/{csrf.md => csrf-api-gateway.md} | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/website/blog/2022/02/23/csrf.md b/website/blog/2022/02/23/csrf-api-gateway.md
similarity index 94%
rename from website/blog/2022/02/23/csrf.md
rename to website/blog/2022/02/23/csrf-api-gateway.md
index 6afd7da..2f14130 100644
--- a/website/blog/2022/02/23/csrf.md
+++ b/website/blog/2022/02/23/csrf-api-gateway.md
@@ -1,5 +1,5 @@
 ---
-title: "Apache APISIX Enhances API Security by CSRF Plugin"
+title: "API Gateway Enhances Security by CSRF Plugin"
 authors:
   - name: "Yuan Bao"
     title: "Author"
@@ -13,8 +13,10 @@ keywords:
 - Apache APISIX
 - API Security
 - cross-site request forgery
-- CSRF Attack
-description: This article introduces `csrf`, the CSRF security plugin for Apache APISIX, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
+- CSRF
+- API Gateway
+
+description: This article introduces `csrf`, the CSRF security plugin for API Gateway, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
 tags: [Technology,Ecosystem]
 ---
 
@@ -26,6 +28,10 @@ The key point of launching a cross-site request forgery attack is to make the ta
 
 This article introduces `csrf`, the CSRF security plugin for Apache APISIX, and details how to secure your API information in Apache APISIX with the help of the `csrf` plugin.
 
+Apache APISIX is a dynamic, real-time, high-performance API gateway.
+
+APISIX provides rich traffic management features such as load balancing, dynamic upstream, canary release, circuit breaking, authentication, observability, and more.
+
 ## Plugin Introduction
 
 The `csrf` plugin is implemented based on the `Double Submit Cookie` scheme. As defined in [RFC 7231#section-4.2.1](https://datatracker.ietf.org/doc/html/rfc7231.html#section-4.2.1), we consider the `GET`, `HEAD` and `OPTIONS` methods as **secure methods**. According to this convention, the `csrf` plug-in will let these three methods go directly, but will check the other methods and intercept any unsafe requests.