diff options
| author | Ram Rachum <ram@rachum.com> | 2020-02-25 15:16:19 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-02-25 14:16:19 +0100 |
| commit | 5b09354954348f1a56df32b2d7dbe074a23a4532 (patch) | |
| tree | abf67c8d665b7e97999fb5137c111a0f64f0a6a6 /docs | |
| parent | 271fdab8b78af558238df51c64b4d1c8dd0792bb (diff) | |
Fixed #31291 -- Renamed salt to mask for CSRF tokens.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/csrf.txt | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index 72277415af..7e2a5d45d0 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -239,15 +239,15 @@ The CSRF protection is based on the following things: set on the request. In order to protect against `BREACH`_ attacks, the token is not simply the - secret; a random salt is prepended to the secret and used to scramble it. + secret; a random mask is prepended to the secret and used to scramble it. For security reasons, the value of the secret is changed each time a user logs in. #. A hidden form field with the name 'csrfmiddlewaretoken' present in all outgoing POST forms. The value of this field is, again, the value of the - secret, with a salt which is both added to it and used to scramble it. The - salt is regenerated on every call to ``get_token()`` so that the form field + secret, with a mask which is both added to it and used to scramble it. The + mask is regenerated on every call to ``get_token()`` so that the form field value is changed in every such response. This part is done by the template tag. |
