p31829507
/
django
mirror of https://github.com/django/django.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

[2.2.x] Fixed typos in docs/ref/settings.txt. 

Backport of 4056558a1c from master.
This commit is contained in:
Ben Falk 2019-09-13 14:36:35 -04:00 committed by Mariusz Felisiak
parent 964dd4f4f2
commit 1864d61d6c
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
docs/ref/settings.txt
View File

@ -323,7 +323,7 @@ protection is safe from cross-subdomain attacks by default - please see the
Default: ``False`` Default: ``False``
Whether to use ``HttpOnly`` flag on the CSRF cookie. If this is set to Whether to use ``HttpOnly`` flag on the CSRF cookie. If this is set to
``True``, client-side JavaScript will not to be able to access the CSRF cookie. ``True``, client-side JavaScript will not be able to access the CSRF cookie.
Designating the CSRF cookie as ``HttpOnly`` doesn't offer any practical Designating the CSRF cookie as ``HttpOnly`` doesn't offer any practical
protection because CSRF is only to protect against cross-domain attacks. If an protection because CSRF is only to protect against cross-domain attacks. If an
@ -3012,7 +3012,7 @@ This setting also affects cookies set by :mod:`django.contrib.messages`.
Default: ``True`` Default: ``True``
Whether to use ``HttpOnly`` flag on the session cookie. If this is set to Whether to use ``HttpOnly`` flag on the session cookie. If this is set to
``True``, client-side JavaScript will not to be able to access the session ``True``, client-side JavaScript will not be able to access the session
cookie. cookie.
HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's part of HttpOnly_ is a flag included in a Set-Cookie HTTP response header. It's part of