diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-06-10 15:14:36 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-06-10 15:14:36 +0000 |
| commit | 528157ce73e4e7d9ee65c362d0cb4013eb17c5f0 (patch) | |
| tree | 6e420c218f035b8b123ef1e947349d7a49d0aab5 /docs/ref | |
| parent | 41895618205d2dd0f2118b93e1ee7879dffe6223 (diff) | |
Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!
git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/clickjacking.txt | 2 | ||||
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 4 |
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index cb0994e242..b70fe9f90d 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -26,6 +26,8 @@ the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the user visits the attacker site and clicks "I Like Ponies" he will inadvertently click on the online store's "Buy Now" button and unknowingly purchase the item. +.. _clickjacking-prevention: + Preventing clickjacking ======================= diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 8dc137353c..695b441108 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -21,6 +21,8 @@ can then be protected by following the steps below. .. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF .. _9.1.1 Safe Methods, HTTP 1.1, RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html +.. _using-csrf: + How to use it ============= @@ -182,6 +184,8 @@ The error page, however, is not very friendly, so you may want to provide your own view for handling this condition. To do this, simply set the :setting:`CSRF_FAILURE_VIEW` setting. +.. _how-csrf-works: + How it works ============ |
