summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authortommcn <tommcn@mcnamer.ca>2022-03-16 21:12:31 -0400
committerMariusz Felisiak <felisiak.mariusz@gmail.com>2022-03-17 06:03:10 +0100
commit8e633906403853868bcd7df62ba30a86151a944d (patch)
tree5f8daf021a57f0b89f3e6b0d2d3653e2088a1965 /docs
parent9c04af837a333caa3e06a72ae53f77c064c94c3e (diff)
Corrected CSRF reference in middleware docs.
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/middleware.txt9
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index fe04f0b3ef..6e7a17661c 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -297,10 +297,11 @@ for:
.. warning::
When your site is served via HTTPS, :ref:`Django's CSRF protection system
- <using-csrf>` requires the ``Referer`` header to be present, so completely
- disabling the ``Referer`` header will interfere with CSRF protection. To
- gain most of the benefits of disabling ``Referer`` headers while also
- keeping CSRF protection, consider enabling only same-origin referrers.
+ <how-csrf-works>` requires the ``Referer`` header to be present, so
+ completely disabling the ``Referer`` header will interfere with CSRF
+ protection. To gain most of the benefits of disabling ``Referer`` headers
+ while also keeping CSRF protection, consider enabling only same-origin
+ referrers.
``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on
the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a