summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorRam Rachum <ram@rachum.com>2020-02-25 15:16:19 +0200
committerGitHub <noreply@github.com>2020-02-25 14:16:19 +0100
commit5b09354954348f1a56df32b2d7dbe074a23a4532 (patch)
treeabf67c8d665b7e97999fb5137c111a0f64f0a6a6 /docs
parent271fdab8b78af558238df51c64b4d1c8dd0792bb (diff)
Fixed #31291 -- Renamed salt to mask for CSRF tokens.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/csrf.txt6
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index 72277415af..7e2a5d45d0 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -239,15 +239,15 @@ The CSRF protection is based on the following things:
set on the request.
In order to protect against `BREACH`_ attacks, the token is not simply the
- secret; a random salt is prepended to the secret and used to scramble it.
+ secret; a random mask is prepended to the secret and used to scramble it.
For security reasons, the value of the secret is changed each time a
user logs in.
#. A hidden form field with the name 'csrfmiddlewaretoken' present in all
outgoing POST forms. The value of this field is, again, the value of the
- secret, with a salt which is both added to it and used to scramble it. The
- salt is regenerated on every call to ``get_token()`` so that the form field
+ secret, with a mask which is both added to it and used to scramble it. The
+ mask is regenerated on every call to ``get_token()`` so that the form field
value is changed in every such response.
This part is done by the template tag.