summaryrefslogtreecommitdiff
path: root/docs/topics
diff options
context:
space:
mode:
Diffstat (limited to 'docs/topics')
-rw-r--r--docs/topics/security.txt4
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt
index eb1172e7e8..ff33e8be6d 100644
--- a/docs/topics/security.txt
+++ b/docs/topics/security.txt
@@ -65,10 +65,10 @@ this if you know what you are doing. There are other :ref:`limitations
<csrf-limitations>` if your site has subdomains that are outside of your
control.
-:ref:`CSRF protection works <how-csrf-works>` by checking for a nonce in each
+:ref:`CSRF protection works <how-csrf-works>` by checking for a secret in each
POST request. This ensures that a malicious user cannot simply "replay" a form
POST to your website and have another logged in user unwittingly submit that
-form. The malicious user would have to know the nonce, which is user specific
+form. The malicious user would have to know the secret, which is user specific
(using a cookie).
When deployed with :ref:`HTTPS <security-recommendation-ssl>`,