Update README.md

minor
itsharex · May 24, 2023 · 7544d09 · 7544d09
1 parent 5eb4b93
commit 7544d09
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,5 +1,7 @@
 # OpenAIAuth
-Library/Tool for automated authentication to ChatGPT. Intended for use with a tool like cURL to automate interactions with the OpenAI web interface. The cURL tool is often used in command-line contexts to make HTTP requests. Unlike a web browser or a browser automation tool like Puppeteer or Selenium, cURL doesn't automatically handle CSRF authentication. Thus, if a web application uses CSRF tokens as part of its security, browserless automated interactions with the application must correctly handle these tokens. This involves extracting the CSRF token from a set-cookie HTTP header, storing it, and then including it in subsequent requests as required by the application.
+Library/Tool for automated authentication to ChatGPT. Intended for use with a tool like cURL to automate interactions with the OpenAI web interface.
+
+The cURL tool is often used in command-line contexts to make HTTP requests. Unlike a web browser or a browser automation tool like Puppeteer or Selenium, cURL doesn't automatically handle CSRF authentication. Thus, if a web application uses CSRF tokens as part of its security, browserless automated interactions with the application must correctly handle these tokens. This involves extracting the CSRF token from a set-cookie HTTP header, storing it, and then including it in subsequent requests as required by the application.
 
 A CSRF token, or Cross-Site Request Forgery token, is a security measure used in web development to protect against CSRF attacks. In a CSRF attack, an attacker tricks a victim into performing an action on a web application in which they're authenticated. This is possible because web applications often trust that actions coming from a user's browser are intentional and legitimate when the user is authenticated. A CSRF token is a way to prevent these attacks. It's a unique, random value associated with a user's session, and it's typically embedded within the web form that the user is submitting. When the form is submitted, the server checks that the token in the form matches the token associated with the user's session. If the tokens don't match, the request is rejected. This obviously poses an obstacle to browserless automation.