This commit is contained in:
adamaze 2022-05-11 13:15:46 -05:00 committed by Christopher Charbonneau Wells
parent ce380697fd
commit 767dac44f4
1 changed files with 2 additions and 2 deletions

View File

@ -10,7 +10,7 @@ and tweaking of settings.
### [`CSRF_TRUSTED_ORIGINS`](../configuration#csrf_trusted_origins)
[Cross Site Request Forgery](https://owasp.org/www-community/attacks/csrf) protection is
an important way to prevent malicious users from sening fake requests to Baby Buddy to
an important way to prevent malicious users from sending fake requests to Baby Buddy to
read, alter, or destroy data.
To protect against this threat Baby Buddy checks the `Origin` header of certain requests
@ -50,4 +50,4 @@ variable to `True` and Baby Buddy will consider the scheme indicated by the
- [NGINX - Using the `Forwarded` Header](https://www.nginx.com/resources/wiki/start/topics/examples/forwarded/)
(Note: NGINX treats `X-Forwarded-Proto` as legacy. See the bottom of this resource for relevant information.)
- [Redirect HTTP to HTTPS with HAProxy](https://www.haproxy.com/blog/redirect-http-to-https-with-haproxy/)
- [Traefik Routing - EntryPoints - Forwarded Headers](https://doc.traefik.io/traefik/v2.3/routing/entrypoints/#forwarded-headers)
- [Traefik Routing - EntryPoints - Forwarded Headers](https://doc.traefik.io/traefik/v2.3/routing/entrypoints/#forwarded-headers)