Expand documentation of magic prefix in REST API's JSON responses

Add a sentence explaining that the prefix is needed in order to
prevent XSSI attacks.

Change-Id: Ib22dc269c6f11e9ec0d31b84cd284e58a79b41c5
David Pursehouse
2013-08-26 16:31:51 +09:00
parent f54b9efb8d
commit f6c0bec0b2

@@ -59,9 +59,11 @@ requested by setting the `Accept` HTTP request header to include
----
JSON responses are encoded using UTF-8 and use content type
`application/json`. The JSON response body starts with a magic prefix
line that must be stripped before feeding the rest of the response
body to a JSON parser:
`application/json`.
To prevent against Cross Site Script Inclusion (XSSI) attacks, the JSON
response body starts with a magic prefix line that must be stripped before
feeding the rest of the response body to a JSON parser:
----
)]}'
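
Review bot: The added sentence opens with "To prevent against Cross Site Script Inclusion (XSSI) attacks", which mixes two idioms; use either "To prevent Cross Site Script Inclusion (XSSI) attacks" or "To protect against ...". The text also says the prefix is there for XSSI but not why it helps. Consider adding one clause noting that the `)]}'` line makes the body a syntax error when a page on another origin loads the URL as a script, so the JSON cannot be evaluated there, and that legitimate clients must therefore strip the line before parsing. Minor: the rewrapped paragraph now leaves `application/json`. alone on a short line ahead of the new sentence; reflow it so the paragraph wraps consistently.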