Diffstat (limited to 'docs/ref/middleware.txt')
| -rw-r--r-- | docs/ref/middleware.txt | 44 |
1 files changed, 22 insertions, 22 deletions
diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index 0cbcee4c4c..29e8f7b941 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -36,9 +36,9 @@ defines. See the :doc:`cache documentation </topics/cache>`. .. attribute:: response_redirect_class - Defaults to :class:`~django.http.HttpResponsePermanentRedirect`. Subclass - ``CommonMiddleware`` and override the attribute to customize the redirects - issued by the middleware. + Defaults to :class:`~django.http.HttpResponsePermanentRedirect`. + Subclass ``CommonMiddleware`` and override the attribute to customize + the redirects issued by the middleware. Adds a few conveniences for perfectionists: @@ -240,10 +240,10 @@ so that infrequent visitors will be protected (31536000 seconds, i.e. 1 year, is common). Additionally, if you set the :setting:`SECURE_HSTS_INCLUDE_SUBDOMAINS` setting -to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` directive -to the ``Strict-Transport-Security`` header. This is recommended (assuming all -subdomains are served exclusively using HTTPS), otherwise your site may still -be vulnerable via an insecure connection to a subdomain. +to ``True``, ``SecurityMiddleware`` will add the ``includeSubDomains`` +directive to the ``Strict-Transport-Security`` header. This is recommended +(assuming all subdomains are served exclusively using HTTPS), otherwise your +site may still be vulnerable via an insecure connection to a subdomain. If you wish to submit your site to the `browser preload list`_, set the :setting:`SECURE_HSTS_PRELOAD` setting to ``True``. That appends the 
@@ -339,13 +339,11 @@ this setting are: Instructs the browser to send the full URL as the referrer for same-origin links, and only the origin for cross-origin links. -``same-origin`` - Instructs the browser to send a full URL, but only for same-origin links. No - referrer will be sent for cross-origin links. +``same-origin`` Instructs the browser to send a full URL, but only for +same-origin links. No referrer will be sent for cross-origin links. -``strict-origin`` - Instructs the browser to send only the origin, not the full URL, and to send - no referrer when a protocol downgrade occurs. +``strict-origin`` Instructs the browser to send only the origin, not the full +URL, and to send no referrer when a protocol downgrade occurs. ``strict-origin-when-cross-origin`` Instructs the browser to send the full URL when the link is same-origin and 
@@ -509,19 +507,19 @@ every incoming ``HttpRequest`` object. See :ref:`Authentication in web requests .. method:: get_login_url() - Returns the URL that unauthenticated requests will be redirected to. This - result is either the ``login_url`` set on the - :func:`~django.contrib.auth.decorators.login_required` decorator (if not - ``None``), or :setting:`settings.LOGIN_URL <LOGIN_URL>`. + Returns the URL that unauthenticated requests will be redirected to. + This result is either the ``login_url`` set on the + :func:`~django.contrib.auth.decorators.login_required` decorator (if + not ``None``), or :setting:`settings.LOGIN_URL <LOGIN_URL>`. .. method:: get_redirect_field_name() Returns the name of the query parameter that contains the URL the user should be redirected to after a successful login. This result is either the ``redirect_field_name`` set on the - :func:`~.django.contrib.auth.decorators.login_required` decorator (if not - ``None``), or :attr:`redirect_field_name`. If ``None`` is returned, a query - parameter won't be added. + :func:`~.django.contrib.auth.decorators.login_required` decorator (if + not ``None``), or :attr:`redirect_field_name`. If ``None`` is returned, + a query parameter won't be added. Redirects all unauthenticated requests to a login page, except for views excluded with :func:`~.django.contrib.auth.decorators.login_not_required`. The @@ -605,7 +603,8 @@ You can add Cross Site Request Forgery protection to individual views using the .. class:: XFrameOptionsMiddleware -Simple :doc:`clickjacking protection via the X-Frame-Options header </ref/clickjacking/>`. +Simple :doc:`clickjacking protection via the X-Frame-Options header +</ref/clickjacking/>`. Content Security Policy middleware ---------------------------------- 
@@ -625,7 +624,8 @@ This middleware sets the following headers on the response depending on the available settings: * ``Content-Security-Policy``, based on :setting:`SECURE_CSP`. -* ``Content-Security-Policy-Report-Only``, based on :setting:`SECURE_CSP_REPORT_ONLY`. +* ``Content-Security-Policy-Report-Only``, based on + :setting:`SECURE_CSP_REPORT_ONLY`. .. _middleware-ordering: |
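Review bot: In the hunk at @@ -339,13 +339,11 @@ the ``same-origin`` and ``strict-origin`` entries lose their definition-list form. The term now shares a line with its description ("``same-origin`` Instructs the browser to send a full URL, but only for"), so reST will treat each entry as an ordinary paragraph, while the neighbouring ``strict-origin-when-cross-origin`` entry still has the term on its own line followed by an indented description. Keep each term on its own line and rewrap only the indented description, so the list of values for this setting renders uniformly.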
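Review bot: In the hunk at @@ -509,19 +507,19 @@ the rewrapped ``get_redirect_field_name()`` text still points at :func:`~.django.contrib.auth.decorators.login_required`, with a dot after the tilde, while ``get_login_url()`` directly above uses :func:`~django.contrib.auth.decorators.login_required`. Since both lines are being touched in this change, use the same fully qualified target in both so the two cross-references to the decorator are written consistently.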
