diff options
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/contrib/index.txt | 8 | ||||
| -rw-r--r-- | docs/ref/csrf.txt (renamed from docs/ref/contrib/csrf.txt) | 13 | ||||
| -rw-r--r-- | docs/ref/index.txt | 1 | ||||
| -rw-r--r-- | docs/ref/middleware.txt | 2 | ||||
| -rw-r--r-- | docs/ref/settings.txt | 4 | ||||
| -rw-r--r-- | docs/ref/templates/api.txt | 2 | ||||
| -rw-r--r-- | docs/ref/templates/builtins.txt | 2 |
7 files changed, 12 insertions, 20 deletions
diff --git a/docs/ref/contrib/index.txt b/docs/ref/contrib/index.txt index ebfc2874b4..a4787f8643 100644 --- a/docs/ref/contrib/index.txt +++ b/docs/ref/contrib/index.txt @@ -25,7 +25,6 @@ those packages have. admin/index auth contenttypes - csrf flatpages formtools/index gis/index @@ -63,13 +62,6 @@ Django model is a separate content type. See the :doc:`contenttypes documentation </ref/contrib/contenttypes>`. -csrf -==== - -A middleware for preventing Cross Site Request Forgeries - -See the :doc:`csrf documentation </ref/contrib/csrf>`. - flatpages ========= diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/csrf.txt index ac6c55a74c..9e682ec6ae 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/csrf.txt @@ -26,15 +26,14 @@ below. How to use it ============= -To enable CSRF protection for your views, follow these steps: +To take advantage of CSRF protection in your views, follow these steps: -1. Add the middleware - ``'django.middleware.csrf.CsrfViewMiddleware'`` to your list of - middleware classes, :setting:`MIDDLEWARE_CLASSES`. (It should come - before any view middleware that assume that CSRF attacks have - been dealt with.) +1. The CSRF middleware is activated by default in the + :setting:`MIDDLEWARE_CLASSES` setting. If you override that setting, remember + that ``'django.middleware.csrf.CsrfViewMiddleware'`` should come before any + view middleware that assume that CSRF attacks have been dealt with. - Alternatively, you can use the decorator + If you disabled it, which is not recommended, you can use :func:`~django.views.decorators.csrf.csrf_protect` on particular views you want to protect (see below). diff --git a/docs/ref/index.txt b/docs/ref/index.txt index 8aef2e9964..b81d8dd7d4 100644 --- a/docs/ref/index.txt +++ b/docs/ref/index.txt @@ -10,6 +10,7 @@ API Reference class-based-views/index clickjacking contrib/index + csrf databases django-admin exceptions diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index eea2d94a84..3ba7d52b9d 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -388,7 +388,7 @@ CSRF protection middleware Adds protection against Cross Site Request Forgeries by adding hidden form fields to POST forms and checking requests for the correct value. See the -:doc:`Cross Site Request Forgery protection documentation </ref/contrib/csrf>`. +:doc:`Cross Site Request Forgery protection documentation </ref/csrf>`. X-Frame-Options middleware -------------------------- diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 3fd1c44ce5..90f6e1e147 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -374,7 +374,7 @@ CSRF_COOKIE_NAME Default: ``'csrftoken'`` The name of the cookie to use for the CSRF authentication token. This can be whatever you -want. See :doc:`/ref/contrib/csrf`. +want. See :doc:`/ref/csrf`. .. setting:: CSRF_COOKIE_PATH @@ -415,7 +415,7 @@ is rejected by the CSRF protection. The function should have this signature:: where ``reason`` is a short message (intended for developers or logging, not for end users) indicating the reason the request was rejected. See -:doc:`/ref/contrib/csrf`. +:doc:`/ref/csrf`. .. setting:: DATABASES diff --git a/docs/ref/templates/api.txt b/docs/ref/templates/api.txt index ac6c18fe79..08e001b039 100644 --- a/docs/ref/templates/api.txt +++ b/docs/ref/templates/api.txt @@ -576,7 +576,7 @@ django.core.context_processors.csrf This processor adds a token that is needed by the :ttag:`csrf_token` template tag for protection against :doc:`Cross Site Request Forgeries -</ref/contrib/csrf>`. +</ref/csrf>`. django.core.context_processors.request ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index e9c2e0c391..fe9127bea5 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -70,7 +70,7 @@ csrf_token ^^^^^^^^^^ This tag is used for CSRF protection, as described in the documentation for -:doc:`Cross Site Request Forgeries </ref/contrib/csrf>`. +:doc:`Cross Site Request Forgeries </ref/csrf>`. .. templatetag:: cycle |
