summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
authorNick Pope <nick.pope@flightdataservices.com>2019-03-24 21:26:04 +0000
committerCarlton Gibson <carlton.gibson@noumenal.es>2019-09-09 13:42:31 +0200
commitbe053c0b2a5160246e3ca76ff4802e9181ae6f7d (patch)
tree409e9ed278d8245623d43c6b9d5ec4f0d50e7bc9 /docs
parent1f304ebdc6ccdf42c8be96e972867981c7a0cb48 (diff)
[2.2.x] Standardized links for headers in security middleware documentation.
Backport of fc62e16291136513ac0d67d6a2c71e8674740435 from master
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/middleware.txt8
1 files changed, 4 insertions, 4 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 62df23c7dc..db70a7c14d 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -197,7 +197,7 @@ HTTP Strict Transport Security
For sites that should only be accessed over HTTPS, you can instruct modern
browsers to refuse to connect to your domain name via an insecure connection
(for a given period of time) by setting the `"Strict-Transport-Security"
-header`_. This reduces your exposure to some SSL-stripping man-in-the-middle
+header`__. This reduces your exposure to some SSL-stripping man-in-the-middle
(MITM) attacks.
``SecurityMiddleware`` will set this header for you on all HTTPS responses if
@@ -238,7 +238,7 @@ If you wish to submit your site to the `browser preload list`_, set the
it may be because Django doesn't realize that it's on a secure connection;
you may need to set the :setting:`SECURE_PROXY_SSL_HEADER` setting.
-.. _"Strict-Transport-Security" header: https://en.wikipedia.org/wiki/Strict_Transport_Security
+__ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security
.. _browser preload list: https://hstspreload.org/
.. _x-content-type-options:
@@ -281,7 +281,7 @@ attack`_. They work by looking for JavaScript content in the GET or POST
parameters of a page. If the JavaScript is replayed in the server's response,
the page is blocked from rendering and an error page is shown instead.
-The `X-XSS-Protection header`_ is used to control the operation of the
+The `X-XSS-Protection header`__ is used to control the operation of the
XSS filter.
To enable the XSS filter in the browser, and force it to always block
@@ -296,7 +296,7 @@ header. ``SecurityMiddleware`` will do this for all responses if the
sanitizing <cross-site-scripting>` all input to prevent XSS attacks.
.. _XSS attack: https://en.wikipedia.org/wiki/Cross-site_scripting
-.. _X-XSS-Protection header: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
+__ https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
.. _ssl-redirect: