From 528157ce73e4e7d9ee65c362d0cb4013eb17c5f0 Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Fri, 10 Jun 2011 15:14:36 +0000 Subject: Fixed #14201 - Add a "security overview" page to the docs Thanks to davidfischer for the initial patch! git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/ref/clickjacking.txt | 2 ++ docs/ref/contrib/csrf.txt | 4 ++++ 2 files changed, 6 insertions(+) (limited to 'docs/ref') diff --git a/docs/ref/clickjacking.txt b/docs/ref/clickjacking.txt index cb0994e242..b70fe9f90d 100644 --- a/docs/ref/clickjacking.txt +++ b/docs/ref/clickjacking.txt @@ -26,6 +26,8 @@ the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the user visits the attacker site and clicks "I Like Ponies" he will inadvertently click on the online store's "Buy Now" button and unknowingly purchase the item. +.. _clickjacking-prevention: + Preventing clickjacking ======================= diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 8dc137353c..695b441108 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -21,6 +21,8 @@ can then be protected by following the steps below. .. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF .. _9.1.1 Safe Methods, HTTP 1.1, RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html +.. _using-csrf: + How to use it ============= @@ -182,6 +184,8 @@ The error page, however, is not very friendly, so you may want to provide your own view for handling this condition. To do this, simply set the :setting:`CSRF_FAILURE_VIEW` setting. +.. _how-csrf-works: + How it works ============ -- cgit v1.3