Negligible spacing changes to docs/csrf.txt to be consistent

git-svn-id: http://code.djangoproject.com/svn/django/trunk@4224 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Adrian Holovaty 2006-12-18 03:59:45 +00:00
parent cd394a246a
commit 8103b7dfad
1 changed files with 19 additions and 18 deletions

View File

@ -1,5 +1,5 @@
=====================================
Cross Site Request Forgery Protection
Cross Site Request Forgery protection
=====================================
The CsrfMiddleware class provides easy-to-use protection against
@ -12,11 +12,11 @@ The first defense against CSRF attacks is to ensure that GET requests
are side-effect free. POST requests can then be protected by adding this
middleware into your list of installed middleware.
.. _Cross Site Request Forgeries: http://www.squarefree.com/securitytips/web-developers.html#CSRF
How to use it
=============
Add the middleware ``'django.contrib.csrf.middleware.CsrfMiddleware'`` to
your list of middleware classes, ``MIDDLEWARE_CLASSES``. It needs to process
the response after the SessionMiddleware, so must come before it in the
@ -25,6 +25,7 @@ happen to the response, so it must come after GZipMiddleware in the list.
How it works
============
CsrfMiddleware does two things:
1. It modifies outgoing requests by adding a hidden form field to all
@ -55,6 +56,7 @@ are modified.
Limitations
===========
CsrfMiddleware requires Django's session framework to work. If you have
a custom authentication system that manually sets cookies and the like,
it won't help you.
@ -65,4 +67,3 @@ you might bypass the filter that adds the hidden field to the form,
in which case form submission will always fail. It may still be possible
to use the middleware, provided you can find some way to get the
CSRF token and ensure that is included when your form is submitted.