| author | David Fischer <djfische@gmail.com> | 2012-09-06 16:10:08 -0400 |
|---|---|---|
| committer | David Fischer <djfische@gmail.com> | 2012-09-06 16:10:08 -0400 |
| commit | 58786897a1e3ef5d31134cb0870a321425d56fea (patch) | |
| tree | cf3d43f8c523300084506616b36456932b643b3f /docs/topics/security.txt | |
| parent | c65100248ddc4c305487013846b9fd343f7f3078 (diff) | |
Formatting fix for host headers section
Diffstat (limited to 'docs/topics/security.txt')
| -rw-r--r-- | docs/topics/security.txt | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/docs/topics/security.txt b/docs/topics/security.txt index 797ab0b594..0a3c6bff02 100644 --- a/docs/topics/security.txt +++ b/docs/topics/security.txt @@ -176,11 +176,11 @@ Site Scripting attacks, they can be used for Cross-Site Request Forgery and cache poisoning attacks in some circumstances. We recommend you ensure your Web server is configured such that: - * It always validates incoming HTTP ``Host`` headers against the expected - host name. - * Disallows requests with no ``Host`` header. - * Is *not* configured with a catch-all virtual host that forwards requests - to a Django application. +* It always validates incoming HTTP ``Host`` headers against the expected + host name. +* Disallows requests with no ``Host`` header. +* Is *not* configured with a catch-all virtual host that forwards requests + to a Django application. Additionally, as of 1.3.1, Django requires you to explicitly enable support for the ``X-Forwarded-Host`` header if your configuration requires it. |
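Review bot: The three re-indented bullets are not grammatically parallel after "configured such that:". The first begins "It always validates" while the second and third ("Disallows requests with no ``Host`` header." and "Is *not* configured with a catch-all virtual host") drop the subject. Since every line of the list is already being rewritten, consider "It disallows requests with no ``Host`` header." and "It is *not* configured with a catch-all virtual host that forwards requests to a Django application." so each item reads as a complete clause. The continuation lines ("host name." and "to a Django application.") keep their two-space indent, which lines up with the text after "* " in the dedented form, so they stay part of their list items.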
