From e0bb9092d14d7b43be20b8a61eafbd0e957f91f9 Mon Sep 17 00:00:00 2001 From: Ben Falk Date: Fri, 13 Sep 2019 14:36:35 -0400 Subject: [PATCH] [3.0.x] Fixed typos in docs/ref/settings.txt. Backport of 4056558a1c9cf650ab6e7cb1a319206d2e8c770f from master --- docs/ref/settings.txt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index 1ec8e9d94c..75eaf25613 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -323,7 +323,7 @@ protection is safe from cross-subdomain attacks by default - please see the Default: ``False`` Whether to use ``HttpOnly`` flag on the CSRF cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the CSRF cookie. +``True``, client-side JavaScript will not be able to access the CSRF cookie. Designating the CSRF cookie as ``HttpOnly`` doesn't offer any practical protection because CSRF is only to protect against cross-domain attacks. If an @@ -1776,7 +1776,7 @@ deletes the old one. Default: ``False`` Whether to use ``HttpOnly`` flag on the language cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the language +``True``, client-side JavaScript will not be able to access the language cookie. See :setting:`SESSION_COOKIE_HTTPONLY` for details on ``HttpOnly``. @@ -3065,7 +3065,7 @@ This setting also affects cookies set by :mod:`django.contrib.messages`. Default: ``True`` Whether to use ``HttpOnly`` flag on the session cookie. If this is set to -``True``, client-side JavaScript will not to be able to access the session +``True``, client-side JavaScript will not be able to access the session cookie. HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's part of