From 8e633906403853868bcd7df62ba30a86151a944d Mon Sep 17 00:00:00 2001 From: tommcn Date: Wed, 16 Mar 2022 21:12:31 -0400 Subject: [PATCH] Corrected CSRF reference in middleware docs. --- docs/ref/middleware.txt | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt index fe04f0b3ef8..6e7a17661c6 100644 --- a/docs/ref/middleware.txt +++ b/docs/ref/middleware.txt @@ -297,10 +297,11 @@ for: .. warning:: When your site is served via HTTPS, :ref:`Django's CSRF protection system - ` requires the ``Referer`` header to be present, so completely - disabling the ``Referer`` header will interfere with CSRF protection. To - gain most of the benefits of disabling ``Referer`` headers while also - keeping CSRF protection, consider enabling only same-origin referrers. + ` requires the ``Referer`` header to be present, so + completely disabling the ``Referer`` header will interfere with CSRF + protection. To gain most of the benefits of disabling ``Referer`` headers + while also keeping CSRF protection, consider enabling only same-origin + referrers. ``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a