summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-06-10 15:14:36 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-06-10 15:14:36 +0000
commit528157ce73e4e7d9ee65c362d0cb4013eb17c5f0 (patch)
tree6e420c218f035b8b123ef1e947349d7a49d0aab5 /docs/ref
parent41895618205d2dd0f2118b93e1ee7879dffe6223 (diff)
Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch! git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/clickjacking.txt2
-rw-r--r--docs/ref/contrib/csrf.txt4
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index cb0994e242..b70fe9f90d 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -26,6 +26,8 @@ the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the
user visits the attacker site and clicks "I Like Ponies" he will inadvertently
click on the online store's "Buy Now" button and unknowingly purchase the item.
+.. _clickjacking-prevention:
+
Preventing clickjacking
=======================
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 8dc137353c..695b441108 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -21,6 +21,8 @@ can then be protected by following the steps below.
.. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF
.. _9.1.1 Safe Methods, HTTP 1.1, RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
+.. _using-csrf:
+
How to use it
=============
@@ -182,6 +184,8 @@ The error page, however, is not very friendly, so you may want to provide your
own view for handling this condition. To do this, simply set the
:setting:`CSRF_FAILURE_VIEW` setting.
+.. _how-csrf-works:
+
How it works
============