Updated documentation - Open Issue

csrfguard-test/csrfguard-test-jsp/src/main/webapp/WEB-INF/classes/Owasp.CsrfGuard.properties

@@ -328,7 +328,6 @@ org.owasp.csrfguard.Config.Print = true
 
 ##################################################################
 ## Javascript servlet settings if not set in web.xml            ##
-## https://wiki.owasp.org/index.php/CSRFGuard_3_Token_Injection ##
 ##################################################################
 
 # This property denotes the location of the JavaScript template file that should be consumed and dynamically

csrfguard/src/main/resources/csrfguard.properties

@@ -327,7 +327,7 @@ org.owasp.csrfguard.Config.Print = true
 
 ##################################################################
 ## Javascript servlet settings if not set in web.xml            ##
-## https://wiki.owasp.org/index.php/CSRFGuard_3_Token_Injection ##
+## https://owasp.org/www-project-csrfguard                      ##
 ##################################################################
 
 # This property denotes the location of the JavaScript template file that should be consumed and dynamically

info.md

@@ -79,8 +79,8 @@ If you have questions, would like to share or discuss ideas, please use the offi
 
 ## CSRFGuard 4.0 Release Notes:
 
-* [Support for stateless web applications](https://github.com/aramrami/OWASP-CSRFGuard/issues/122)
-* [Apply "TokenPerPage" approach to AJAX](https://github.com/aramrami/OWASP-CSRFGuard/issues/123)
+* [Support for stateless web applications](https://github.com/OWASP/www-project-csrfguard/issues/4)
+* [Apply "TokenPerPage" approach to AJAX](https://github.com/OWASP/www-project-csrfguard/issues/2)
 * [Reduced code duplication](https://github.com/aramrami/OWASP-CSRFGuard/issues/127)
 * [Proper multi-module maven project structure](https://github.com/aramrami/OWASP-CSRFGuard/issues/128)
 * [The test JSP web application now relies on the latest development JavaScript code](https://github.com/aramrami/OWASP-CSRFGuard/issues/133)

readme.md

@@ -175,30 +175,4 @@ git push origin <tag_name>
 You can download pre-compiled versions from:
 
 * [Maven Central repository](https://search.maven.org/search?q=csrfguard)
-* [OSS Sonatype Nexus repository](https://oss.sonatype.org/#nexus-search;gav~~csrfguard~~~)
-
-## CSRFGuard 4.0.0 Release Notes
-
-* [Support for stateless web applications](https://github.com/aramrami/OWASP-CSRFGuard/issues/122)
-* [Apply "TokenPerPage" approach to AJAX](https://github.com/aramrami/OWASP-CSRFGuard/issues/123)
-* [Reduced code duplication](https://github.com/aramrami/OWASP-CSRFGuard/issues/127)
-* [Proper multi-module maven project structure](https://github.com/aramrami/OWASP-CSRFGuard/issues/128)
-* [The test JSP web application now relies on the latest development JavaScript code](https://github.com/aramrami/OWASP-CSRFGuard/issues/133)
-* [Improved code quality](https://github.com/aramrami/OWASP-CSRFGuard/issues/134)
-* [Addressing synchronous XMLHttpRequest deprecation](https://github.com/aramrami/OWASP-CSRFGuard/issues/137)
-* [Approach changed for master and page token retrieval](https://github.com/aramrami/OWASP-CSRFGuard/issues/139)
-* [Improved test coverage](https://github.com/aramrami/OWASP-CSRFGuard/issues/140)
-* [Better solution for looking up page tokens in the JS](https://github.com/aramrami/OWASP-CSRFGuard/issues/141)
-* [The javascript template is now parsable and minifiable](https://github.com/aramrami/OWASP-CSRFGuard/issues/142)
-* [Short-circuit the solution logic if CSRFGuard is disabled](https://github.com/aramrami/OWASP-CSRFGuard/issues/143)
-* [Do not generate page tokens for pages that are not protected](https://github.com/aramrami/OWASP-CSRFGuard/issues/144)
-* [Page tokens generated on first use are not sent back to the client](https://github.com/aramrami/OWASP-CSRFGuard/issues/145)
-* [Issue with the token-per-page support for REST endpoint containing path parameters](https://github.com/aramrami/OWASP-CSRFGuard/issues/146)
-* [Possible race condition on first access of endpoints when token-per-page and AJAX request options are enabled](https://github.com/aramrami/OWASP-CSRFGuard/issues/147)
-* [Tokens are not injected into dynamically created DOM elements ](https://github.com/aramrami/OWASP-CSRFGuard/issues/148)
-* [Make the configuration more resilient to errors](https://github.com/aramrami/OWASP-CSRFGuard/issues/149)
-* [Tokens should not be injected into external links if the domainStrict property is set to true](https://github.com/aramrami/OWASP-CSRFGuard/issues/150)
-* [Tokens not injected in dynamic content returned from Ajax](https://github.com/aramrami/OWASP-CSRFGuard/issues/151)
-* Heavily refactored, improved and more optimized code-base
-* Documentation update and typo fixes.
-* Copyright update and unification.
+* [OSS Sonatype Nexus repository](https://oss.sonatype.org/#nexus-search;gav~~csrfguard~~~)

tab_features.md

@@ -9,34 +9,9 @@ tags: csrfguard
 ---
 # OWASP CSRFGuard 4.0.0
 
-![OWASP CSRFGuard 4.0.0](assets/images/csrfguard_3.1.0.png)
+![OWASP CSRFGuard 4.0.0](assets/images/csrfguard.png)
 
-# Some CSRGuard features
-
-## Tags
-```
-<img src=“https://bank.com/fn?param=1”>
-<iframe src=“https://bank.com/fn?param=1”>
-<script src=“https://bank.com/fn?param=1”>
-```
-
-## Autoposting Forms
-```
-<body onload="document.forms[0].submit()">
-<form method="POST" action=“https://bank.com/fn”>
-   <input type="hidden" name="sp" value="8109"/>
-</form>
-```
-## XmlHttpRequest
-Subject to same origin policy
-
-## Credentials Included
-
-![Credentials Included](assets/images/credentials_included.png)
-
-# How Does CSRF Work?
-
-## What is CSRF (Cross-Site Request Forgery) Attacks
+## What are CSRF (Cross-Site Request Forgery) Attacks?
 
 ![How Does CSRF Work](assets/images/what_is_csrf_attacks_1.png)
 ![How Does CSRF Work](assets/images/what_is_csrf_attacks_2.png)