Doc fixes from @Deimos

2 files changed, 2 insertions, 2 deletions

diff --git a/docs/narr/security.rst b/docs/narr/security.rst
index f6794dc2c..2b0a2f032 100644
--- a/docs/narr/security.rst
+++ b/docs/narr/security.rst
@@ -946,7 +946,7 @@ is the current host, however additional origins may be configured by setting
 are non-standard). If a host in the list of domains starts with a ``.`` then
 that will allow all subdomains as well as the domain without the ``.``.  If no
 ``Referer`` or ``Origin`` header is present in an HTTPS request, the CSRF check
-will fail unless the ``allow_no_origin`` is set.
+will fail unless ``allow_no_origin`` is set.
 
 If CSRF checks fail then a :class:`pyramid.exceptions.BadCSRFToken` or
 :class:`pyramid.exceptions.BadCSRFOrigin` exception will be raised. This
diff --git a/src/pyramid/config/security.py b/src/pyramid/config/security.py
index 02271e2ba..17ac5ded7 100644
--- a/src/pyramid/config/security.py
+++ b/src/pyramid/config/security.py
@@ -223,7 +223,7 @@ class SecurityConfiguratorMixin(object):
         Default: ``('GET', 'HEAD', 'OPTIONS', TRACE')``.
 
         ``allow_no_origin`` is a boolean.  If false, a request lacking both an
-        ``Origin`` and ``Referer`` header will fail the CSRF check.'
+        ``Origin`` and ``Referer`` header will fail the CSRF check.
 
         If ``callback`` is set, it must be a callable accepting ``(request)``
         and returning ``True`` if the request should be checked for a valid