Negligible spacing changes to docs/csrf.txt to be consistent
git-svn-id: http://code.djangoproject.com/svn/django/trunk@4224 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
cd394a246a
commit
8103b7dfad
|
@ -1,5 +1,5 @@
|
|||
=====================================
|
||||
Cross Site Request Forgery Protection
|
||||
Cross Site Request Forgery protection
|
||||
=====================================
|
||||
|
||||
The CsrfMiddleware class provides easy-to-use protection against
|
||||
|
@ -12,11 +12,11 @@ The first defense against CSRF attacks is to ensure that GET requests
|
|||
are side-effect free. POST requests can then be protected by adding this
|
||||
middleware into your list of installed middleware.
|
||||
|
||||
|
||||
.. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF
|
||||
|
||||
How to use it
|
||||
=============
|
||||
|
||||
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to
|
||||
your list of middleware classes, ``MIDDLEWARE_CLASSES``. It needs to process
|
||||
the response after the SessionMiddleware, so must come before it in the
|
||||
|
@ -25,6 +25,7 @@ happen to the response, so it must come after GZipMiddleware in the list.
|
|||
|
||||
How it works
|
||||
============
|
||||
|
||||
CsrfMiddleware does two things:
|
||||
|
||||
1. It modifies outgoing requests by adding a hidden form field to all
|
||||
|
@ -55,6 +56,7 @@ are modified.
|
|||
|
||||
Limitations
|
||||
===========
|
||||
|
||||
CsrfMiddleware requires Django's session framework to work. If you have
|
||||
a custom authentication system that manually sets cookies and the like,
|
||||
it won't help you.
|
||||
|
@ -65,4 +67,3 @@ you might bypass the filter that adds the hidden field to the form,
|
|||
in which case form submission will always fail. It may still be possible
|
||||
to use the middleware, provided you can find some way to get the
|
||||
CSRF token and ensure that is included when your form is submitted.
|
||||
|
||||
|
|
Loading…
Reference in New Issue