Moved CSRF docs out of contrib.

Thomas Chaumeny 2014-10-31 23:39:46 +01:00 committed by Tim Graham
parent d968bd5258
commit d3db878e4b
16 changed files with 24 additions and 32 deletions

@ -81,7 +81,7 @@ or for binary data, such as an image. A Web application that uses ``GET``
requests for admin forms is a security risk: it can be easy for an attacker to
mimic a form's request to gain access to sensitive parts of the system.
``POST``, coupled with other protections like Django's :doc:`CSRF protection
</ref/contrib/csrf/>` offers more control over access.
</ref/csrf/>` offers more control over access.
On the other hand, ``GET`` is suitable for things like a web search form,
because the URLs that represent a ``GET`` request can easily be bookmarked,
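Review bot: the updated :doc: target on the "offers more control over access" line is written with a trailing slash, </ref/csrf/>, while the same target in the forms admonition hunk is written </ref/csrf> without one. Both forms are carried over from the old /ref/contrib/csrf paths, but since every one of these references is being touched anyway, normalise them to a single spelling so that a later search for references to the CSRF document matches all of them in one pass.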
@ -335,7 +335,7 @@ from that ``{{ form }}`` by Django's template language.
.. admonition:: Forms and Cross Site Request Forgery protection
Django ships with an easy-to-use :doc:`protection against Cross Site Request
Forgeries </ref/contrib/csrf>`. When submitting a form via ``POST`` with
Forgeries </ref/csrf>`. When submitting a form via ``POST`` with
CSRF protection enabled you must use the :ttag:`csrf_token` template tag
as in the preceding example. However, since CSRF protection is not
directly tied to forms in templates, this tag is omitted from the
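Review bot: the changed "Forgeries </ref/csrf>" target in this admonition only fixes the internal cross-reference, and nothing in the visible hunks covers readers who arrive at the old ref/contrib/csrf location from bookmarks or external links. Because this is the page that tells people to add the csrf_token tag to POST forms, a broken inbound link here has a security cost. Please confirm that the old location redirects to the new one, or mention the move in the release notes.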