From 69828b5aa35ed3cf19941a0771c82418a0733b7e Mon Sep 17 00:00:00 2001 From: Steve Piercy Date: Sun, 30 Apr 2017 16:37:21 -0700 Subject: standardize "non-standard" --- docs/narr/security.rst | 2 +- pyramid/csrf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/narr/security.rst b/docs/narr/security.rst index ddf496b69..3a6bfa5e5 100644 --- a/docs/narr/security.rst +++ b/docs/narr/security.rst @@ -946,7 +946,7 @@ automatic CSRF checking will also check the referrer of the request to ensure that it matches one of the trusted origins. By default the only trusted origin is the current host, however additional origins may be configured by setting ``pyramid.csrf_trusted_origins`` to a list of domain names (and ports if they -are non standard). If a host in the list of domains starts with a ``.`` then +are non-standard). If a host in the list of domains starts with a ``.`` then that will allow all subdomains as well as the domain without the ``.``. If CSRF checks fail then a :class:`pyramid.exceptions.BadCSRFToken` or diff --git a/pyramid/csrf.py b/pyramid/csrf.py index c8f097777..7c836e5ad 100644 --- a/pyramid/csrf.py +++ b/pyramid/csrf.py @@ -249,7 +249,7 @@ def check_csrf_origin(request, trusted_origins=None, raises=True): checks are successful this function will return ``True`` unconditionally. Additional trusted origins may be added by passing a list of domain (and - ports if nonstandard like ``['example.com', 'dev.example.com:8080']``) in + ports if non-standard like ``['example.com', 'dev.example.com:8080']``) in with the ``trusted_origins`` parameter. If ``trusted_origins`` is ``None`` (the default) this list of additional domains will be pulled from the ``pyramid.csrf_trusted_origins`` setting. -- cgit v1.2.3