summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorThomas Chaumeny <t.chaumeny@gmail.com>2014-10-31 23:39:46 +0100
committerTim Graham <timograham@gmail.com>2014-11-03 07:47:39 -0500
commitd3db878e4beff057400dd780c24f3601a5d31f95 (patch)
tree093a397322edb251987ebdd4119ac1ec3e029046 /docs/ref
parentd968bd5258438694b000b347a482ddcd33a9b395 (diff)
Moved CSRF docs out of contrib.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/contrib/index.txt8
-rw-r--r--docs/ref/csrf.txt (renamed from docs/ref/contrib/csrf.txt)13
-rw-r--r--docs/ref/index.txt1
-rw-r--r--docs/ref/middleware.txt2
-rw-r--r--docs/ref/settings.txt4
-rw-r--r--docs/ref/templates/api.txt2
-rw-r--r--docs/ref/templates/builtins.txt2
7 files changed, 12 insertions, 20 deletions
diff --git a/docs/ref/contrib/index.txt b/docs/ref/contrib/index.txt
index ebfc2874b4..a4787f8643 100644
--- a/docs/ref/contrib/index.txt
+++ b/docs/ref/contrib/index.txt
@@ -25,7 +25,6 @@ those packages have.
admin/index
auth
contenttypes
- csrf
flatpages
formtools/index
gis/index
@@ -63,13 +62,6 @@ Django model is a separate content type.
See the :doc:`contenttypes documentation </ref/contrib/contenttypes>`.
-csrf
-====
-
-A middleware for preventing Cross Site Request Forgeries
-
-See the :doc:`csrf documentation </ref/contrib/csrf>`.
-
flatpages
=========
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/csrf.txt
index ac6c55a74c..9e682ec6ae 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -26,15 +26,14 @@ below.
How to use it
=============
-To enable CSRF protection for your views, follow these steps:
+To take advantage of CSRF protection in your views, follow these steps:
-1. Add the middleware
- ``'django.middleware.csrf.CsrfViewMiddleware'`` to your list of
- middleware classes, :setting:`MIDDLEWARE_CLASSES`. (It should come
- before any view middleware that assume that CSRF attacks have
- been dealt with.)
+1. The CSRF middleware is activated by default in the
+ :setting:`MIDDLEWARE_CLASSES` setting. If you override that setting, remember
+ that ``'django.middleware.csrf.CsrfViewMiddleware'`` should come before any
+ view middleware that assume that CSRF attacks have been dealt with.
- Alternatively, you can use the decorator
+ If you disabled it, which is not recommended, you can use
:func:`~django.views.decorators.csrf.csrf_protect` on particular views
you want to protect (see below).
diff --git a/docs/ref/index.txt b/docs/ref/index.txt
index 8aef2e9964..b81d8dd7d4 100644
--- a/docs/ref/index.txt
+++ b/docs/ref/index.txt
@@ -10,6 +10,7 @@ API Reference
class-based-views/index
clickjacking
contrib/index
+ csrf
databases
django-admin
exceptions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index eea2d94a84..3ba7d52b9d 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -388,7 +388,7 @@ CSRF protection middleware
Adds protection against Cross Site Request Forgeries by adding hidden form
fields to POST forms and checking requests for the correct value. See the
-:doc:`Cross Site Request Forgery protection documentation </ref/contrib/csrf>`.
+:doc:`Cross Site Request Forgery protection documentation </ref/csrf>`.
X-Frame-Options middleware
--------------------------
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 3fd1c44ce5..90f6e1e147 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -374,7 +374,7 @@ CSRF_COOKIE_NAME
Default: ``'csrftoken'``
The name of the cookie to use for the CSRF authentication token. This can be whatever you
-want. See :doc:`/ref/contrib/csrf`.
+want. See :doc:`/ref/csrf`.
.. setting:: CSRF_COOKIE_PATH
@@ -415,7 +415,7 @@ is rejected by the CSRF protection. The function should have this signature::
where ``reason`` is a short message (intended for developers or logging, not for
end users) indicating the reason the request was rejected. See
-:doc:`/ref/contrib/csrf`.
+:doc:`/ref/csrf`.
.. setting:: DATABASES
diff --git a/docs/ref/templates/api.txt b/docs/ref/templates/api.txt
index ac6c18fe79..08e001b039 100644
--- a/docs/ref/templates/api.txt
+++ b/docs/ref/templates/api.txt
@@ -576,7 +576,7 @@ django.core.context_processors.csrf
This processor adds a token that is needed by the :ttag:`csrf_token` template
tag for protection against :doc:`Cross Site Request Forgeries
-</ref/contrib/csrf>`.
+</ref/csrf>`.
django.core.context_processors.request
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt
index e9c2e0c391..fe9127bea5 100644
--- a/docs/ref/templates/builtins.txt
+++ b/docs/ref/templates/builtins.txt
@@ -70,7 +70,7 @@ csrf_token
^^^^^^^^^^
This tag is used for CSRF protection, as described in the documentation for
-:doc:`Cross Site Request Forgeries </ref/contrib/csrf>`.
+:doc:`Cross Site Request Forgeries </ref/csrf>`.
.. templatetag:: cycle