Author: timo Date: 2011-11-19 02:53:26 -0800 (Sat, 19 Nov 2011) New Revision: 17109
Modified: django/trunk/docs/ref/contrib/csrf.txt Log: Fixed #17105 - Typos in docs/ref/contrib/csrf.txt; thanks googol for the report. Modified: django/trunk/docs/ref/contrib/csrf.txt =================================================================== --- django/trunk/docs/ref/contrib/csrf.txt 2011-11-18 22:54:24 UTC (rev 17108) +++ django/trunk/docs/ref/contrib/csrf.txt 2011-11-19 10:53:26 UTC (rev 17109) @@ -347,8 +347,9 @@ CsrfViewMiddleware.process_view not used ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -There are cases when may not have run before your view is run - 404 and 500 -handlers, for example - but you still need the CSRF token in a form. +There are cases when ``CsrfViewMiddleware.process_view``` may not have run +before your view is run - 404 and 500 handlers, for example - but you still +need the CSRF token in a form. Solution: use :func:`~django.views.decorators.csrf.requires_csrf_token` @@ -420,7 +421,7 @@ easily allowing cross-subdomain requests to be excluded from the normal cross site request forgery protection. It should be set to a string such as ``".lawrence.com"`` to allow a POST request from a form on one subdomain to be -accepted by accepted by a view served from another subdomain. +accepted by a view served from another subdomain. Please note that, with or without use of this setting, this CSRF protection mechanism is not safe against cross-subdomain attacks -- see `Limitations`_. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To post to this group, send email to django-updates@googlegroups.com. To unsubscribe from this group, send email to django-updates+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/django-updates?hl=en.