diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index e1a87d4..4c84727 100644
|
a
|
b
|
all the views that need it, enable the middleware and use
|
| 347 | 347 | CsrfViewMiddleware.process_view not used |
| 348 | 348 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 349 | 349 | |
| 350 | | There are cases when may not have run before your view is run - 404 and 500 |
| 351 | | handlers, for example - but you still need the CSRF token in a form. |
| | 350 | There are cases when ``CsrfViewMiddleware.process_view``` may not have run |
| | 351 | before your view is run - 404 and 500 handlers, for example - but you still |
| | 352 | need the CSRF token in a form. |
| 352 | 353 | |
| 353 | 354 | Solution: use :func:`~django.views.decorators.csrf.requires_csrf_token` |
| 354 | 355 | |
| … |
… |
The domain to be used when setting the CSRF cookie. This can be useful for
|
| 420 | 421 | easily allowing cross-subdomain requests to be excluded from the normal cross |
| 421 | 422 | site request forgery protection. It should be set to a string such as |
| 422 | 423 | ``".lawrence.com"`` to allow a POST request from a form on one subdomain to be |
| 423 | | accepted by accepted by a view served from another subdomain. |
| | 424 | accepted by a view served from another subdomain. |
| 424 | 425 | |
| 425 | 426 | Please note that, with or without use of this setting, this CSRF protection |
| 426 | 427 | mechanism is not safe against cross-subdomain attacks -- see `Limitations`_. |