Code

Ticket #17105: 17105.diff

File 17105.diff, 1.3 KB (added by timo, 2 years ago)
Line 
1diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
2index e1a87d4..4c84727 100644
3--- a/docs/ref/contrib/csrf.txt
4+++ b/docs/ref/contrib/csrf.txt
5@@ -347,8 +347,9 @@ all the views that need it, enable the middleware and use
6 CsrfViewMiddleware.process_view not used
7 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
8 
9-There are cases when may not have run before your view is run - 404 and 500
10-handlers, for example - but you still need the CSRF token in a form.
11+There are cases when ``CsrfViewMiddleware.process_view``` may not have run
12+before your view is run - 404 and 500 handlers, for example - but you still
13+need the CSRF token in a form.
14 
15 Solution: use :func:`~django.views.decorators.csrf.requires_csrf_token`
16 
17@@ -420,7 +421,7 @@ The domain to be used when setting the CSRF cookie.  This can be useful for
18 easily allowing cross-subdomain requests to be excluded from the normal cross
19 site request forgery protection.  It should be set to a string such as
20 ``".lawrence.com"`` to allow a POST request from a form on one subdomain to be
21-accepted by accepted by a view served from another subdomain.
22+accepted by a view served from another subdomain.
23 
24 Please note that, with or without use of this setting, this CSRF protection
25 mechanism is not safe against cross-subdomain attacks -- see `Limitations`_.