mirror of https://github.com/django/django.git synced 2025-06-04 11:09:13 +00:00

Corrected CSRF reference in middleware docs.

tommcn 2022-03-16 21:12:31 -04:00 committed by Mariusz Felisiak
parent 9c04af837a
commit 8e63390640


@ -297,10 +297,11 @@ for:
.. warning:: .. warning::
When your site is served via HTTPS, :ref:`Django's CSRF protection system When your site is served via HTTPS, :ref:`Django's CSRF protection system
<using-csrf>` requires the ``Referer`` header to be present, so completely <how-csrf-works>` requires the ``Referer`` header to be present, so
disabling the ``Referer`` header will interfere with CSRF protection. To completely disabling the ``Referer`` header will interfere with CSRF
gain most of the benefits of disabling ``Referer`` headers while also protection. To gain most of the benefits of disabling ``Referer`` headers
keeping CSRF protection, consider enabling only same-origin referrers. while also keeping CSRF protection, consider enabling only same-origin
referrers.
``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on ``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on
the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a
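
Review bot: the new ``<how-csrf-works>`` target on the second line of the warning is not defined anywhere in this hunk, so please confirm that a ``how-csrf-works`` label exists in the CSRF docs and that the docs build reports no undefined-label warning for it. The remaining changed lines only rewrap the paragraph around the longer label, which is fine. Since the warning ends by recommending "only same-origin referrers", consider pointing that sentence at the ``SECURE_REFERRER_POLICY`` setting mentioned in the next paragraph, so readers can see which configuration keeps the ``Referer`` check working.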