diff options
| author | Ben Falk <falk.ben@gmail.com> | 2019-09-13 14:36:35 -0400 |
|---|---|---|
| committer | Mariusz Felisiak <felisiak.mariusz@gmail.com> | 2019-09-13 20:37:22 +0200 |
| commit | e0bb9092d14d7b43be20b8a61eafbd0e957f91f9 (patch) | |
| tree | ed167a11974090e91f214c1d5f776137e30e12f6 /docs | |
| parent | 4d72c14bafefddd073b715c59834494ab77e9aa1 (diff) | |
[3.0.x] Fixed typos in docs/ref/settings.txt.
Backport of 4056558a1c9cf650ab6e7cb1a319206d2e8c770f from master
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/settings.txt | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 1ec8e9d94c..75eaf25613 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -323,7 +323,7 @@ protection is safe from cross-subdomain attacks by default - please see the Default: ``False`` Whether to use ``HttpOnly`` flag on the CSRF cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the CSRF cookie. +``True``, client-side JavaScript will not be able to access the CSRF cookie. Designating the CSRF cookie as ``HttpOnly`` doesn't offer any practical protection because CSRF is only to protect against cross-domain attacks. If an @@ -1776,7 +1776,7 @@ deletes the old one. Default: ``False`` Whether to use ``HttpOnly`` flag on the language cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the language +``True``, client-side JavaScript will not be able to access the language cookie. See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``. @@ -3065,7 +3065,7 @@ This setting also affects cookies set by :mod:`django.contrib.messages`. Default: ``True`` Whether to use ``HttpOnly`` flag on the session cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the session +``True``, client-side JavaScript will not be able to access the session cookie. HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's part of |
