author tommcn <tommcn@mcnamer.ca> 2022-03-16 21:12:31 -0400
committer Mariusz Felisiak <felisiak.mariusz@gmail.com> 2022-03-17 07:34:36 +0100
commit de5a453d51681e2f162cf3e51406ef9afc0c6863
tree bb0d22d7c760d13354ffc5928ff5d262de9908f1 /docs
parent b8f7c84922ad5b5bf4195aabba0171506ea3c045
[4.0.x] Corrected CSRF reference in middleware docs.
Backport of 8e633906403853868bcd7df62ba30a86151a944d from main
Diffstat (limited to 'docs')
-rw-r--r-- docs/ref/middleware.txt 9
1 files changed, 5 insertions, 4 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 412f8a99a4..cb1867f7ac 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -302,10 +302,11 @@ for:
.. warning::
When your site is served via HTTPS, :ref:`Django's CSRF protection system
- <using-csrf>` requires the ``Referer`` header to be present, so completely
- disabling the ``Referer`` header will interfere with CSRF protection. To
- gain most of the benefits of disabling ``Referer`` headers while also
- keeping CSRF protection, consider enabling only same-origin referrers.
+ <how-csrf-works>` requires the ``Referer`` header to be present, so
+ completely disabling the ``Referer`` header will interfere with CSRF
+ protection. To gain most of the benefits of disabling ``Referer`` headers
+ while also keeping CSRF protection, consider enabling only same-origin
+ referrers.
``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on
the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a
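Review bot: The new ``:ref:`` target ``how-csrf-works`` on the first added line is not defined anywhere in this diff, and because this is a backport to 4.0.x it is worth confirming that the label exists on that branch before merging; if it does not, the cross-reference in this warning will not resolve and readers lose the link that explains why CSRF checking depends on ``Referer`` under HTTPS. The other four changed lines are only a rewrap caused by the longer label, so the actual change is the single target name. Since the warning ends by recommending "only same-origin referrers", it could also name the corresponding policy value for the setting mentioned in the next paragraph, so the reader does not have to infer it.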