mirror of
https://github.com/django/django.git
synced 2025-10-24 14:16:09 +00:00
Fixed #14201 - Add a "security overview" page to the docs
Thanks to davidfischer for the initial patch!

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16360 bcc190cf-cafb-0310-a4f2-bffc1f526a37
@@ -26,6 +26,8 @@ the "Buy Now" button is invisibly overlaid on the "I Like Ponies" button. If the
|
||||
user visits the attacker site and clicks "I Like Ponies" he will inadvertently
|
||||
click on the online store's "Buy Now" button and unknowingly purchase the item.
|
||||
|
||||
.. _clickjacking-prevention:
|
||||
|
||||
Preventing clickjacking
|
||||
=======================
|
||||
|
||||
|
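Review bot: The label `clickjacking-prevention` added above "Preventing clickjacking" puts the topic first, while the CSRF labels added in this same commit (`using-csrf`, `how-csrf-works`) put it last. Sphinx labels share one namespace across the whole doc set, so a single scheme (for example `clickjacking-prevention`, `csrf-usage`, `csrf-how-it-works`) would make them easier to find and less likely to collide with later additions.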
@@ -21,6 +21,8 @@ can then be protected by following the steps below.
|
||||
.. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF
|
||||
.. _9.1.1 Safe Methods, HTTP 1.1, RFC 2616: http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html
|
||||
|
||||
.. _using-csrf:
|
||||
|
||||
How to use it
|
||||
=============
|
||||
|
||||
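Review bot: The `using-csrf` label sits on the heading "How to use it", so a bare :ref:`using-csrf` from another page renders with that heading as its link text, which gives the reader no hint that the target is about CSRF. References to it should pass explicit text, e.g. :ref:`using Django's CSRF protection <using-csrf>`.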
@@ -182,6 +184,8 @@ The error page, however, is not very friendly, so you may want to provide your
|
||||
own view for handling this condition. To do this, simply set the
|
||||
:setting:`CSRF_FAILURE_VIEW` setting.
|
||||
|
||||
.. _how-csrf-works:
|
||||
|
||||
How it works
|
||||
============
|
||||
|
||||
|
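Review bot: The `how-csrf-works` label before "How it works" is only useful if something references it, and the page that does so is not among the hunks shown here. It is worth building the docs and checking for undefined-label warnings, so that a typo in any of the three new label names is caught before merge.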