From 122ed88e536d45afa6b671c8f90a8d43f9510b21 Mon Sep 17 00:00:00 2001 From: J0WI Date: Thu, 17 Sep 2020 20:29:58 +0200 Subject: [PATCH] Update urls to HTTPS Signed-off-by: J0WI --- .../linux_database_configuration.rst | 4 ++-- .../big_file_upload_configuration.rst | 10 +++++----- .../external_storage_configuration_gui.rst | 2 +- .../antivirus_configuration.rst | 2 +- .../configuration_server/caching_configuration.rst | 2 +- .../config_sample_php_parameters.rst | 4 ++-- admin_manual/installation/nginx.rst | 2 +- admin_manual/installation/server_tuning.rst | 12 ++++++------ admin_manual/installation/source_installation.rst | 2 +- admin_manual/issues/general_troubleshooting.rst | 2 +- build/generateIconsDoc.php | 2 +- developer_manual/app_development/tutorial.rst | 2 +- .../app_publishing_maintenance/publishing.rst | 2 +- developer_manual/basics/dependency_injection.rst | 6 +++--- developer_manual/basics/testing.rst | 2 +- developer_manual/core/unit-testing.rst | 14 +++++++------- developer_manual/digging_deeper/debugging.rst | 2 +- .../getting_started/codingguidelines.rst | 10 +++++----- developer_manual/getting_started/debugging.rst | 2 +- .../prologue/bugtracker/codereviews.rst | 2 +- developer_manual/prologue/development_process.rst | 2 +- developer_manual/prologue/security.rst | 10 +++++----- index.html | 2 +- 23 files changed, 50 insertions(+), 50 deletions(-) diff --git a/admin_manual/configuration_database/linux_database_configuration.rst b/admin_manual/configuration_database/linux_database_configuration.rst index 5b3908f5f..92f8797d0 100644 --- a/admin_manual/configuration_database/linux_database_configuration.rst +++ b/admin_manual/configuration_database/linux_database_configuration.rst @@ -4,8 +4,8 @@ Database configuration Nextcloud requires a database in which administrative data is stored. The following databases are currently supported: -* `MySQL `_ / `MariaDB `_ -* `PostgreSQL `_ +* `MySQL `_ / `MariaDB `_ +* `PostgreSQL `_ * `Oracle `_ The MySQL or MariaDB databases are the recommended database engines. diff --git a/admin_manual/configuration_files/big_file_upload_configuration.rst b/admin_manual/configuration_files/big_file_upload_configuration.rst index f4a9a16e3..c1cbf762d 100644 --- a/admin_manual/configuration_files/big_file_upload_configuration.rst +++ b/admin_manual/configuration_files/big_file_upload_configuration.rst @@ -75,9 +75,9 @@ Apache with mod_fcgid nginx ^^^^^ -* `client_max_body_size `_ -* `fastcgi_read_timeout `_ -* `client_body_temp_path `_ +* `client_max_body_size `_ +* `fastcgi_read_timeout `_ +* `client_body_temp_path `_ Since nginx 1.7.11 a new config option `fastcgi_request_buffering `_ @@ -95,8 +95,8 @@ If your site is behind a nginx frontend (for example a loadbalancer): By default, downloads will be limited to 1GB due to ``proxy_buffering`` and ``proxy_max_temp_file_size`` on the frontend. -* If you can access the frontend's configuration, disable `proxy_buffering `_ or increase `proxy_max_temp_file_size `_ from the default 1GB. -* If you do not have access to the frontend, set the `X-Accel-Buffering `_ header to ``add_header X-Accel-Buffering no;`` on your backend server. +* If you can access the frontend's configuration, disable `proxy_buffering `_ or increase `proxy_max_temp_file_size `_ from the default 1GB. +* If you do not have access to the frontend, set the `X-Accel-Buffering `_ header to ``add_header X-Accel-Buffering no;`` on your backend server. Configuring PHP --------------- diff --git a/admin_manual/configuration_files/external_storage_configuration_gui.rst b/admin_manual/configuration_files/external_storage_configuration_gui.rst index 88654949d..ccf066d3d 100644 --- a/admin_manual/configuration_files/external_storage_configuration_gui.rst +++ b/admin_manual/configuration_files/external_storage_configuration_gui.rst @@ -91,7 +91,7 @@ Using self-signed certificates When using self-signed certificates for external storage mounts the certificate must be imported into the personal settings of the user. Please refer to `Nextcloud HTTPS External Mount -`_ +`_ for more information. Available storage backends diff --git a/admin_manual/configuration_server/antivirus_configuration.rst b/admin_manual/configuration_server/antivirus_configuration.rst index b0610fe2d..6ef2f1100 100644 --- a/admin_manual/configuration_server/antivirus_configuration.rst +++ b/admin_manual/configuration_server/antivirus_configuration.rst @@ -5,7 +5,7 @@ Antivirus scanner You can configure your Nextcloud server to automatically run a virus scan on newly-uploaded files with the Antivirus app for Files. The Antivirus app for Files integrates the open source anti-virus engine `ClamAV -`_ with Nextcloud. ClamAV detects all forms +`_ with Nextcloud. ClamAV detects all forms of malware including Trojan horses, viruses, and worms, and it operates on all major file types including Windows, Linux, and Mac files, compressed files, executables, image files, Flash, PDF, and many others. ClamAV's Freshclam diff --git a/admin_manual/configuration_server/caching_configuration.rst b/admin_manual/configuration_server/caching_configuration.rst index 2db437c77..f5aa1859e 100644 --- a/admin_manual/configuration_server/caching_configuration.rst +++ b/admin_manual/configuration_server/caching_configuration.rst @@ -27,7 +27,7 @@ of memcache that best fits your needs. The supported caching backends are: A local cache for systems. * `Redis `_, PHP module 2.2.6 and up required. For local and distributed caching as well as transactional file locking. -* `Memcached `_ +* `Memcached `_ For distributed caching. Memcaches must be explicitly configured in Nextcloud by installing diff --git a/admin_manual/configuration_server/config_sample_php_parameters.rst b/admin_manual/configuration_server/config_sample_php_parameters.rst index 35295bcb6..3cf72cdfa 100644 --- a/admin_manual/configuration_server/config_sample_php_parameters.rst +++ b/admin_manual/configuration_server/config_sample_php_parameters.rst @@ -987,7 +987,7 @@ Defaults to an empty array. 'logdateformat' => 'F d, Y H:i:s', -This uses PHP.date formatting; see http://php.net/manual/en/function.date.php +This uses PHP.date formatting; see https://php.net/manual/en/function.date.php Defaults to ISO 8601 ``2005-08-15T15:52:01+00:00`` - see \DateTime::ATOM (https://secure.php.net/manual/en/class.datetime.php#datetime.constants.atom) @@ -997,7 +997,7 @@ Defaults to ISO 8601 ``2005-08-15T15:52:01+00:00`` - see \DateTime::ATOM 'logtimezone' => 'Europe/Berlin', The timezone for logfiles. You may change this; see -http://php.net/manual/en/timezones.php +https://php.net/manual/en/timezones.php Defaults to ``UTC`` diff --git a/admin_manual/installation/nginx.rst b/admin_manual/installation/nginx.rst index 6fc71b1b8..cf464542c 100644 --- a/admin_manual/installation/nginx.rst +++ b/admin_manual/installation/nginx.rst @@ -10,7 +10,7 @@ server. These configurations examples were originally provided by - Adjust **server_name**, **root**, **ssl_certificate** and **ssl_certificate_key** to suit your needs. - Make sure your SSL certificates are readable by the server (see `nginx HTTP - SSL Module documentation `_). + SSL Module documentation `_). - Be careful about line breaks if you copy the examples, as long lines may be broken for page formatting. - Some environments might need a ``cgi.fix_pathinfo`` set to ``1`` in their diff --git a/admin_manual/installation/server_tuning.rst b/admin_manual/installation/server_tuning.rst index 49728159e..f38971e96 100644 --- a/admin_manual/installation/server_tuning.rst +++ b/admin_manual/installation/server_tuning.rst @@ -35,7 +35,7 @@ Using MariaDB/MySQL instead of SQLite MySQL or MariaDB are preferred because of the `performance limitations of SQLite with highly concurrent applications -`_, like Nextcloud. +`_, like Nextcloud. See the section :doc:`../configuration_database/linux_database_configuration` for how to configure Nextcloud for MySQL or MariaDB. If your installation is already running on @@ -70,7 +70,7 @@ SSL / encryption app SSL (HTTPS) and file encryption/decryption can be offloaded to a processor's AES-NI extension. This can both speed up these operations while lowering processing overhead. This requires a processor with the `AES-NI instruction set -`_. +`_. Here are some examples how to check if your CPU / environment supports the AES-NI extension: @@ -81,7 +81,7 @@ AES-NI extension: * Search eg. on the Intel web if the processor used supports the extension `Intel Processor Feature Filter - `_ You may set a filter by + `_ You may set a filter by ``"AES New Instructions"`` to get a reduced result set. * For versions of openssl >= 1.0.1, AES-NI does not work via an engine and @@ -98,7 +98,7 @@ AES-NI extension: Enable HTTP2 for faster loading ------------------------------- -HTTP2 has `huge speed improvements `_ over HTTP with multiple request. Most `browsers already support HTTP2 over SSL (HTTPS) `_. So refer to your server manual for guides on how to use HTTP2. +HTTP2 has `huge speed improvements `_ over HTTP with multiple request. Most `browsers already support HTTP2 over SSL (HTTPS) `_. So refer to your server manual for guides on how to use HTTP2. Tune PHP-FPM ------------ @@ -123,7 +123,7 @@ Depending on your current PHP version you should find this file e.g. under ``/et Enable PHP OPcache ------------------ -The `OPcache `_ improves the performance of PHP applications by caching precompiled bytecode. We recommend at least the following settings: +The `OPcache `_ improves the performance of PHP applications by caching precompiled bytecode. We recommend at least the following settings: .. code:: ini @@ -134,4 +134,4 @@ The `OPcache `_ improves the perform opcache.save_comments=1 opcache.revalidate_freq=1 -For more details check out the `official documentation `_ or `this blog post about some recommended settings `_. +For more details check out the `official documentation `_ or `this blog post about some recommended settings `_. diff --git a/admin_manual/installation/source_installation.rst b/admin_manual/installation/source_installation.rst index 7eaedb785..adf16540b 100644 --- a/admin_manual/installation/source_installation.rst +++ b/admin_manual/installation/source_installation.rst @@ -26,7 +26,7 @@ Prerequisites for manual installation The Nextcloud .tar archive contains all of the required PHP modules. This section lists all required and optional PHP modules. Consult the `PHP manual -`_ for more information on modules. +`_ for more information on modules. Your Linux distribution should have packages for all required modules. You can check the presence of a module by typing ``php -m | grep -i ``. If you get a result, the module is present. diff --git a/admin_manual/issues/general_troubleshooting.rst b/admin_manual/issues/general_troubleshooting.rst index 504bd08c2..6fb2c8c2c 100644 --- a/admin_manual/issues/general_troubleshooting.rst +++ b/admin_manual/issues/general_troubleshooting.rst @@ -35,7 +35,7 @@ configuration report with the :ref:`occ config command .. _the Nextcloud Forums: https://help.nextcloud.com .. _FAQ page: https://help.nextcloud.com/c/faq .. _bugtracker: https://github.com/nextcloud/server/issues -.. _webchat: http://webchat.freenode.net/?channels=nextcloud +.. _webchat: https://webchat.freenode.net/?channels=nextcloud https://docs.nextcloud.org/server/latest/developer_manual/bugtracker/index.html .. TODO ON RELEASE: Update version number above on release diff --git a/build/generateIconsDoc.php b/build/generateIconsDoc.php index 611926819..b9a04a146 100755 --- a/build/generateIconsDoc.php +++ b/build/generateIconsDoc.php @@ -17,7 +17,7 @@ * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . + * along with this program. If not, see . * */ diff --git a/developer_manual/app_development/tutorial.rst b/developer_manual/app_development/tutorial.rst index 8b045dc0e..912def745 100644 --- a/developer_manual/app_development/tutorial.rst +++ b/developer_manual/app_development/tutorial.rst @@ -581,7 +581,7 @@ and **notestutorial/lib/Service/NotFoundException.php**: class NotFoundException extends ServiceException {} -Remember how we had all those ugly try catches that where checking for **DoesNotExistException** and simply returned a 404 response? Let's also put this into a reusable class. In our case we chose a `trait `_ so we can inherit methods without having to add it to our inheritance hierarchy. This will be important later on when you've got controllers that inherit from the **ApiController** class instead. +Remember how we had all those ugly try catches that where checking for **DoesNotExistException** and simply returned a 404 response? Let's also put this into a reusable class. In our case we chose a `trait `_ so we can inherit methods without having to add it to our inheritance hierarchy. This will be important later on when you've got controllers that inherit from the **ApiController** class instead. The trait is created in **notestutorial/lib/Controller/Errors.php**: diff --git a/developer_manual/app_publishing_maintenance/publishing.rst b/developer_manual/app_publishing_maintenance/publishing.rst index 2d456c982..723e28c29 100644 --- a/developer_manual/app_publishing_maintenance/publishing.rst +++ b/developer_manual/app_publishing_maintenance/publishing.rst @@ -16,7 +16,7 @@ The Nextcloud app store is built into Nextcloud to allow you to get your apps to Getting an app approved ----------------------- -You can find documentation on getting apps in our app store `here. `_ +You can find documentation on getting apps in our app store `here. `_ Using the code checker ^^^^^^^^^^^^^^^^^^^^^^ diff --git a/developer_manual/basics/dependency_injection.rst b/developer_manual/basics/dependency_injection.rst index 22e76c7f3..e3602dfa1 100644 --- a/developer_manual/basics/dependency_injection.rst +++ b/developer_manual/basics/dependency_injection.rst @@ -10,7 +10,7 @@ This makes the code easier to test and thus easier to maintain. If you are unfamiliar with this pattern, watch the following video: -* `Google Clean Code Talks `_ +* `Google Clean Code Talks `_ .. _dependency-injection: @@ -380,12 +380,12 @@ In general all of the app's controllers need to be registered inside the contain * It does I/O (database, write/read to files) * It is a global (e.g. $_POST, etc. This is in the request class by the way) -* The output does not depend on the input variables (also called `impure function `_), e.g. time, random number generator +* The output does not depend on the input variables (also called `impure function `_), e.g. time, random number generator * It is a service, basically it would make sense to swap it out for a different object What not to inject: * It is pure data and has methods that only act upon it (arrays, data objects) -* It is a `pure function `_ +* It is a `pure function `_ .. _`reflection`: https://www.php.net/manual/en/book.reflection.php diff --git a/developer_manual/basics/testing.rst b/developer_manual/basics/testing.rst index 8d022af2e..21eb78aa8 100644 --- a/developer_manual/basics/testing.rst +++ b/developer_manual/basics/testing.rst @@ -4,7 +4,7 @@ Testing .. sectionauthor:: Bernhard Posselt -All PHP classes can be tested with `PHPUnit `_, JavaScript can be tested by using `Karma `_. +All PHP classes can be tested with `PHPUnit `_, JavaScript can be tested by using `Karma `_. diff --git a/developer_manual/core/unit-testing.rst b/developer_manual/core/unit-testing.rst index 2e0d95230..f8aba2691 100644 --- a/developer_manual/core/unit-testing.rst +++ b/developer_manual/core/unit-testing.rst @@ -90,7 +90,7 @@ when overwriting ``setUp()``, ``setUpBeforeClass()``, ``tearDown()`` or ``tearDo from the TestCase. These methods set up important stuff and clean up the system after the test, so the next test can run without side effects, like remaining files and entries in the file cache, etc. -For more resources on PHPUnit visit: http://www.phpunit.de/manual/current/en/writing-tests-for-phpunit.html +For more resources on PHPUnit visit: https://www.phpunit.de/manual/current/en/writing-tests-for-phpunit.html Bootstrapping Nextcloud ^^^^^^^^^^^^^^^^^^^^^^^ @@ -146,9 +146,9 @@ To run a specific test suite (note that the test file path is relative to the "t Further reading ^^^^^^^^^^^^^^^ -- http://googletesting.blogspot.de/2008/08/by-miko-hevery-so-you-decided-to.html -- http://www.phpunit.de/manual/current/en/writing-tests-for-phpunit.html -- http://www.youtube.com/watch?v=4E4672CS58Q&feature=bf_prev&list=PLBDAB2BA83BB6588E +- https://googletesting.blogspot.de/2008/08/by-miko-hevery-so-you-decided-to.html +- https://www.phpunit.de/manual/current/en/writing-tests-for-phpunit.html +- https://www.youtube.com/watch?v=4E4672CS58Q&feature=bf_prev&list=PLBDAB2BA83BB6588E - Clean Code: A Handbook of Agile Software Craftsmanship (Robert C. Martin) JavaScript unit testing for core @@ -161,7 +161,7 @@ Installing Node JS To run the JavaScript unit tests you will need to install **Node JS**. -You can get it here: http://nodejs.org/ +You can get it here: https://nodejs.org/ After that you will need to setup the **Karma** test environment. The easiest way to do this is to run the automatic test script first, see next section. @@ -202,6 +202,6 @@ Documentation Here are some useful links about how to write unit tests with Jasmine and Sinon: -- Karma test runner: http://karma-runner.github.io -- Jasmine: http://pivotal.github.io/jasmine +- Karma test runner: https://karma-runner.github.io/ +- Jasmine: https://pivotal.github.io/jasmine - Sinon (for mocking and stubbing): http://sinonjs.org/ diff --git a/developer_manual/digging_deeper/debugging.rst b/developer_manual/digging_deeper/debugging.rst index 13c4a68c4..c13072440 100644 --- a/developer_manual/digging_deeper/debugging.rst +++ b/developer_manual/digging_deeper/debugging.rst @@ -61,7 +61,7 @@ XDebug will now (when activated) try to connect to localhost on port 9000, and w - SublimeTextXdebug - XDebug client for Sublime Text - PHPStorm - in-built DBGP debugger -For further reading, see the XDebug documentation: http://xdebug.org/docs/remote +For further reading, see the XDebug documentation: https://xdebug.org/docs/remote Once you are familiar with how your debugging client works, you can start debugging with XDebug. To test Nextcloud through the web interface or other HTTP requests, set the ``XDEBUG_SESSION_START`` cookie or POST parameter. Alternatively, there are browser extensions to make this easy: diff --git a/developer_manual/getting_started/codingguidelines.rst b/developer_manual/getting_started/codingguidelines.rst index f69c34c50..fd3371274 100644 --- a/developer_manual/getting_started/codingguidelines.rst +++ b/developer_manual/getting_started/codingguidelines.rst @@ -28,7 +28,7 @@ The most important labels and their meaning: * #bug - this issue is a bug * #enhancement - this issue is a feature request/idea for improvement of Nextcloud * #design - this needs help from the design team or is a design-related issue/pull request -* #technical debt - this issue or PR is about `technical debt `_ +* #technical debt - this issue or PR is about `technical debt `_ * #good first issue - these are issues which are relatively easy to solve and ideal for people who want to learn how to code in Nextcloud * #needs info - this issue needs further information from the reporter, see :doc:`../bugtracker/triaging` * #high #medium #low signify how important the bug is. @@ -82,7 +82,7 @@ Nextcloud is licensed under the `GNU AGPLv3 ` * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . + * along with this program. If not, see . * */ @@ -113,11 +113,11 @@ at the start of your php code. The final closing:: ?> -should not be used at the end of the file due to the `possible issue of sending white spaces `_. +should not be used at the end of the file due to the `possible issue of sending white spaces `_. Comments ^^^^^^^^ -All API methods need to be marked with `PHPDoc `_ markup. An example would be: +All API methods need to be marked with `PHPDoc `_ markup. An example would be: .. code-block:: php @@ -431,7 +431,7 @@ Control structures CSS --- -Take a look at the `Writing Tactical CSS & HTML `_ video on YouTube. +Take a look at the `Writing Tactical CSS & HTML `_ video on YouTube. Don't bind your CSS too much to your HTML structure and try to avoid IDs. Also try to make your CSS reusable by grouping common attributes into classes. diff --git a/developer_manual/getting_started/debugging.rst b/developer_manual/getting_started/debugging.rst index 13c4a68c4..c13072440 100644 --- a/developer_manual/getting_started/debugging.rst +++ b/developer_manual/getting_started/debugging.rst @@ -61,7 +61,7 @@ XDebug will now (when activated) try to connect to localhost on port 9000, and w - SublimeTextXdebug - XDebug client for Sublime Text - PHPStorm - in-built DBGP debugger -For further reading, see the XDebug documentation: http://xdebug.org/docs/remote +For further reading, see the XDebug documentation: https://xdebug.org/docs/remote Once you are familiar with how your debugging client works, you can start debugging with XDebug. To test Nextcloud through the web interface or other HTTP requests, set the ``XDEBUG_SESSION_START`` cookie or POST parameter. Alternatively, there are browser extensions to make this easy: diff --git a/developer_manual/prologue/bugtracker/codereviews.rst b/developer_manual/prologue/bugtracker/codereviews.rst index 14d347469..6fcdc3b0f 100644 --- a/developer_manual/prologue/bugtracker/codereviews.rst +++ b/developer_manual/prologue/bugtracker/codereviews.rst @@ -58,4 +58,4 @@ Questions? Feel free to drop a line on the `forums`_ or join us on `IRC`_. .. _forums: https://help.nextcloud.com/ -.. _IRC: http://webchat.freenode.net/?channels=nextcloud-dev +.. _IRC: https://webchat.freenode.net/?channels=nextcloud-dev diff --git a/developer_manual/prologue/development_process.rst b/developer_manual/prologue/development_process.rst index 6c9492ab1..ab6730c1d 100644 --- a/developer_manual/prologue/development_process.rst +++ b/developer_manual/prologue/development_process.rst @@ -256,7 +256,7 @@ make up the changelog for the release. Furthermore, HuBoard allows us to filter the Kanban board by Milestone, making it especially easy to focus on the current Release. -.. _kanban board: http://en.wikipedia.org/wiki/Kanban_board +.. _kanban board: https://en.wikipedia.org/wiki/Kanban_board .. _forums: https://help.nextcloud.org .. _Gherkin: https://github.com/cucumber/cucumber/wiki/Gherkin .. _existing ones: https://github.com/nextcloud/server/tree/master/build/integration/features diff --git a/developer_manual/prologue/security.rst b/developer_manual/prologue/security.rst index aa9800648..f41dcf04a 100644 --- a/developer_manual/prologue/security.rst +++ b/developer_manual/prologue/security.rst @@ -13,7 +13,7 @@ This guideline highlights some of the most common security problems and how to p SQL injection ------------- -`SQL Injection `_ occurs when SQL query strings are concatenated with variables. +`SQL Injection `_ occurs when SQL query strings are concatenated with variables. To prevent this, always use prepared queries: @@ -38,7 +38,7 @@ If the App Framework is used, write SQL queries like this in a class that extend Cross site scripting -------------------- -`Cross site scripting `_ happens when user input is passed directly to templates. A potential attacker might be able to inject HTML/JavaScript into the page to steal the users session, log keyboard entries, even perform DDOS attacks on other websites or other malicious actions. +`Cross site scripting `_ happens when user input is passed directly to templates. A potential attacker might be able to inject HTML/JavaScript into the page to steal the users session, log keyboard entries, even perform DDOS attacks on other websites or other malicious actions. Despite the fact that Nextcloud uses Content-Security-Policy to prevent the execution of inline JavaScript code developers are still required to prevent XSS. CSP is just another layer of defense that is not implemented in all web browsers. @@ -103,7 +103,7 @@ It may also be wise to choose a proper JavaScript framework like AngularJS which Clickjacking ------------ -`Clickjacking `_ tricks the user to click into an invisible iframe to perform an arbitrary action (e.g. delete an user account) +`Clickjacking `_ tricks the user to click into an invisible iframe to perform an arbitrary action (e.g. delete an user account) To prevent such attacks Nextcloud sends the `X-Frame-Options` header to all template responses. Don't remove this header if you don't really need it! @@ -161,7 +161,7 @@ Very often developers forget about sanitizing the file path (removing all \\ and Shell injection --------------- -`Shell Injection `_ occurs if PHP code executes shell commands (e.g. running a latex compiler). Before doing this, check if there is a PHP library that already provides the needed functionality. If you really need to execute a command be aware that you have to escape every user parameter passed to one of these functions: +`Shell Injection `_ occurs if PHP code executes shell commands (e.g. running a latex compiler). Before doing this, check if there is a PHP library that already provides the needed functionality. If you really need to execute a command be aware that you have to escape every user parameter passed to one of these functions: * **exec()** * **shell_exec()** @@ -216,7 +216,7 @@ Always store user data or configuration files in safe locations, e.g. **nextclou Cross site request forgery -------------------------- -Using `CSRF `_ one can trick a user into executing a request that they did not want to make. Thus every POST and GET request needs to be protected against it. The only places where no CSRF checks are needed are in the main template, which is rendering the application, or in externally callable interfaces. +Using `CSRF `_ one can trick a user into executing a request that they did not want to make. Thus every POST and GET request needs to be protected against it. The only places where no CSRF checks are needed are in the main template, which is rendering the application, or in externally callable interfaces. .. note:: Submitting a form is also a POST/GET request! diff --git a/index.html b/index.html index 88a30c3ab..fd3776d52 100644 --- a/index.html +++ b/index.html @@ -23,7 +23,7 @@ - +