Commit d3db878e authored by Thomas Chaumeny, committed by Tim Graham

Moved CSRF docs out of contrib.

parent d968bd52
+1 −1
@@ -227,7 +227,7 @@ applications and Django provides multiple protection tools and mechanisms:
* :doc:`Security overview <topics/security>`
* :doc:`Disclosed security issues in Django <releases/security>`
* :doc:`Clickjacking protection <ref/clickjacking>`
* :doc:`Cross Site Request Forgery protection <ref/contrib/csrf>`
* :doc:`Cross Site Request Forgery protection <ref/csrf>`
* :doc:`Cryptographic signing <topics/signing>`
* :ref:`Security Middleware <security-middleware>`
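
Review bot: external links and bookmarks to ref/contrib/csrf will break once this entry points at ref/csrf, because none of the visible hunks keeps the old path resolving. Consider a redirect for the old URL on the docs site, or a note about the move in the release notes.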

+0 −8
@@ -25,7 +25,6 @@ those packages have.
   admin/index
   auth
   contenttypes
   csrf
   flatpages
   formtools/index
   gis/index
@@ -63,13 +62,6 @@ Django model is a separate content type.

See the :doc:`contenttypes documentation </ref/contrib/contenttypes>`.

csrf
====

A middleware for preventing Cross Site Request Forgeries

See the :doc:`csrf documentation </ref/contrib/csrf>`.

flatpages
=========

+6 −7
@@ -26,15 +26,14 @@ below.
How to use it
=============

To enable CSRF protection for your views, follow these steps:
To take advantage of CSRF protection in your views, follow these steps:

1. Add the middleware
   ``'django.middleware.csrf.CsrfViewMiddleware'`` to your list of
   middleware classes, :setting:`MIDDLEWARE_CLASSES`.  (It should come
   before any view middleware that assume that CSRF attacks have
   been dealt with.)
1. The CSRF middleware is activated by default in the
   :setting:`MIDDLEWARE_CLASSES` setting. If you override that setting, remember
   that ``'django.middleware.csrf.CsrfViewMiddleware'`` should come before any
   view middleware that assume that CSRF attacks have been dealt with.

   Alternatively, you can use the decorator
   If you disabled it, which is not recommended, you can use
   :func:`~django.views.decorators.csrf.csrf_protect` on particular views
   you want to protect (see below).
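
Review bot: the added sentence "If you disabled it, which is not recommended, you can use csrf_protect on particular views you want to protect" should say outright that with CsrfViewMiddleware removed, every view without the decorator gets no CSRF check, since the current wording reads as an equivalent alternative. Step 1 is also now a statement rather than an action under "follow these steps", and "If you disabled it" would read better as "If you have disabled it".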

+1 −0
@@ -10,6 +10,7 @@ API Reference
   class-based-views/index
   clickjacking
   contrib/index
   csrf
   databases
   django-admin
   exceptions
+1 −1
@@ -388,7 +388,7 @@ CSRF protection middleware

Adds protection against Cross Site Request Forgeries by adding hidden form
fields to POST forms and checking requests for the correct value. See the
:doc:`Cross Site Request Forgery protection documentation </ref/contrib/csrf>`.
:doc:`Cross Site Request Forgery protection documentation </ref/csrf>`.

X-Frame-Options middleware
--------------------------