diff --git a/docs/_sidebar.md b/docs/_sidebar.md index 240e30b..ce8cf8b 100644 --- a/docs/_sidebar.md +++ b/docs/_sidebar.md @@ -3,6 +3,7 @@ - [responses](responses.md) - middleware - [overview](middleware/overview.md) + - [session](middleware/sessions.md) - [csrf](middleware/csrf.md) - [pydantic](middleware/pydantic.md) - - [session](middleware/sessions.md) + - [writing your own](middleware/custom_middleware.md) diff --git a/docs/middleware/csrf.md b/docs/middleware/csrf.md index c1b36fc..8458dd3 100644 --- a/docs/middleware/csrf.md +++ b/docs/middleware/csrf.md @@ -16,7 +16,8 @@ app = SpiderwebRouter( Cross-site request forgery, put simply, is a method for attackers to make legitimate-looking requests in your name to a service or system that you've previously authenticated to. Ways that we can protect against this involve aggressively expiring session cookies, special IDs for forms that are keyed to a specific user, and more. -Notice that in the example above, SessionMiddleware is also included in the middleware list. The CSRF middleware requires the SessionMiddleware to function, and SessionMiddleware must be placed above it in the middleware list. +> [!TIP] +> Notice that in the example above, SessionMiddleware is also included in the middleware list. The CSRF middleware requires the SessionMiddleware to function, and SessionMiddleware must be placed above it in the middleware list. ## CSRF and Forms @@ -52,12 +53,13 @@ def form(request):
-
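Review bot: in the docs/_sidebar.md hunk, the added entry `- [writing your own](middleware/custom_middleware.md)` links to a file that is not among the changes visible in this part of the diff. Confirm that docs/middleware/custom_middleware.md is added in the same commit so the sidebar does not ship a dead link. The move of `session` above `csrf` is consistent with the ordering requirement described in csrf.md and needs no change.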
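Review bot: in the docs/middleware/csrf.md hunk at -16,7, the sentence now wrapped in `> [!TIP]` states a hard requirement ("requires the SessionMiddleware to function", "must be placed above it in the middleware list"), and a tip-level callout undersells that. If the docs renderer offers a stronger callout type, use it here. The paragraph also does not say what happens when SessionMiddleware is missing or listed after the CSRF middleware. Because this is a security control, add a sentence describing how that misconfiguration shows up (for example, whether the app refuses to start), so a reader can tell a broken ordering from a working one.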