summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/clickjacking.txt2
-rw-r--r--docs/ref/contrib/csrf.txt4
2 files changed, 6 insertions, 0 deletions
diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt
index cb0994e242..b70fe9f90d 100644
--- a/docs/ref/clickjacking.txt
+++ b/docs/ref/clickjacking.txt
@@ -26,6 +26,8 @@ the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the
user visits the attacker site and clicks "I Like Ponies" he will inadvertently
click on the online store's "Buy Now" button and unknowingly purchase the item.
+.. _clickjacking-prevention:
+
Preventing clickjacking
=======================
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 8dc137353c..695b441108 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -21,6 +21,8 @@ can then be protected by following the steps below.
.. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF
.. _9.1.1 Safe Methods, HTTP 1.1, RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
+.. _using-csrf:
+
How to use it
=============
@@ -182,6 +184,8 @@ The error page, however, is not very friendly, so you may want to provide your
own view for handling this condition. To do this, simply set the
:setting:`CSRF_FAILURE_VIEW` setting.
+.. _how-csrf-works:
+
How it works
============