diff options
| author | Kevin Brown | 2013-07-19 19:49:20 -0400 |
|---|---|---|
| committer | Kevin Brown | 2013-07-19 19:49:20 -0400 |
| commit | 8f2e71a67fad17a0e44df6747ca450a101979c24 (patch) | |
| tree | 493f5a325725b5f72d799c478459861d28d9b63b /docs/topics/ajax-csrf-cors.md | |
| parent | 84b5f478f32b332178190057e3e1196fa6360ff8 (diff) | |
| download | django-rest-framework-8f2e71a67fad17a0e44df6747ca450a101979c24.tar.bz2 | |
Modified documentation for CSRF as mentioned in #984
Diffstat (limited to 'docs/topics/ajax-csrf-cors.md')
| -rw-r--r-- | docs/topics/ajax-csrf-cors.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/docs/topics/ajax-csrf-cors.md b/docs/topics/ajax-csrf-cors.md index 4566f38b..0555b84d 100644 --- a/docs/topics/ajax-csrf-cors.md +++ b/docs/topics/ajax-csrf-cors.md @@ -23,7 +23,7 @@ To guard against these type of attacks, you need to do two things: If you're using `SessionAuthentication` you'll need to include valid CSRF tokens for any `POST`, `PUT`, `PATCH` or `DELETE` operations. -The Django documentation describes how to [include CSRF tokens in AJAX requests][csrf-ajax]. +In order to make AJAX requests, you need to include CSRF token in the HTTP header, as [described in the Django documentation][csrf-ajax]. ## CORS |