summaryrefslogtreecommitdiff
path: root/docs
diff options
context:
space:
mode:
Diffstat (limited to 'docs')
-rw-r--r--docs/ref/settings.txt4
1 files changed, 2 insertions, 2 deletions
diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt
index 9618f1f039..7937995442 100644
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -323,7 +323,7 @@ protection is safe from cross-subdomain attacks by default - please see the
Default: ``False``
Whether to use ``HttpOnly`` flag on the CSRF cookie. If this is set to
-``True``, client-side JavaScript will not to be able to access the CSRF cookie.
+``True``, client-side JavaScript will not be able to access the CSRF cookie.
Designating the CSRF cookie as ``HttpOnly`` doesn't offer any practical
protection because CSRF is only to protect against cross-domain attacks. If an
@@ -3012,7 +3012,7 @@ This setting also affects cookies set by :mod:`django.contrib.messages`.
Default: ``True``
Whether to use ``HttpOnly`` flag on the session cookie. If this is set to
-``True``, client-side JavaScript will not to be able to access the session
+``True``, client-side JavaScript will not be able to access the session
cookie.
HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's part of