From b4b2e39a7c4b3d0cfb2e354086b518135deac99f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaakko=20Kera=CC=88nen?= Date: Mon, 2 Sep 2024 21:50:51 +0300 Subject: [PATCH 1/1] Typo --- app-guide.gmi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app-guide.gmi b/app-guide.gmi index 808dda2..0e871b1 100644 --- a/app-guide.gmi +++ b/app-guide.gmi @@ -519,7 +519,7 @@ Here "D3F83AC2" is an access token that your application has generated. Dependin You can combine these methods to generate even more secure tokens that an attacker is unable to guess even if they learn the hash of your client certificate, or if they periodically scrape your application to figure out the currently valid random tokens (assuming the random tokens they are used on publicly accessible pages; random tokens on pages protected by your client certificate are naturally not visible to any attacker). -Use your discression when choosing which actions should be protected with access tokens. Dynamically generating all action links may be cumbersome to implement, and not all actions need to be protected. It is a good idea to include a token in all destructive or difficult-to-undo actions, and also actions that spammers might use to insert unwanted content into your application. +Use your discretion when choosing which actions should be protected with access tokens. Dynamically generating all action links may be cumbersome to implement, and not all actions need to be protected. It is a good idea to include a token in all destructive or difficult-to-undo actions, and also actions that spammers might use to insert unwanted content into your application. ### Confirmation queries -- 2.34.1
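Review bot: The unchanged context paragraph directly above the corrected line in this hunk (app-guide.gmi, around line 519) still has a garbled parenthetical, "assuming the random tokens they are used on publicly accessible pages", where "they" reads as a leftover word. Since this patch is already a wording fix in the same passage, consider correcting it here as well, for example to "assuming the random tokens are used on publicly accessible pages". The subject "Typo" could also say what was corrected ("discression" to "discretion" in app-guide.gmi) so the change is easier to find in the log.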