diff options
| author | kka | 2018-07-18 14:15:44 +0200 |
|---|---|---|
| committer | kka | 2018-07-18 14:15:44 +0200 |
| commit | 1fc7f583041d4393ed97cce53eb4cbe96964a7df (patch) | |
| tree | f0a321323cb4110fc7618c6da3a59cfeca0e9aea | |
| parent | ce476450d23cb6ebeb6005627594d21f9e8943e4 (diff) | |
Fix broken links in the documentation
| -rw-r--r-- | doc/source/config.rst | 8 | ||||
| -rw-r--r-- | doc/source/encryption.rst | 3 | ||||
| -rw-r--r-- | doc/source/features.rst | 2 |
3 files changed, 7 insertions, 6 deletions
diff --git a/doc/source/config.rst b/doc/source/config.rst index dfe2799..e9ee348 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst | |||
| @@ -68,7 +68,7 @@ This configuration variable contains parameters that are used by multiple featur | |||
| 68 | sp.global.secret_key("44239bd400aa82e125337c9d4eb8315767411ccd"); | 68 | sp.global.secret_key("44239bd400aa82e125337c9d4eb8315767411ccd"); |
| 69 | 69 | ||
| 70 | - ``cookie_env_var``: A environment variable used as part of cookies encryption. | 70 | - ``cookie_env_var``: A environment variable used as part of cookies encryption. |
| 71 | See the :ref:`relevant documentation <cookie-encryption-config>` | 71 | See the :ref:`relevant documentation <config_cookie-encryption>` |
| 72 | 72 | ||
| 73 | Bugclass-killer features | 73 | Bugclass-killer features |
| 74 | ------------------------ | 74 | ------------------------ |
| @@ -107,7 +107,7 @@ It can either be ``enabled`` or ``disabled``. | |||
| 107 | .. _config_global: | 107 | .. _config_global: |
| 108 | 108 | ||
| 109 | Prevent sloppy comparison | 109 | Prevent sloppy comparison |
| 110 | ^^^^^^^^^^^^^^^^ | 110 | ^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 111 | 111 | ||
| 112 | sloppy_comparison, disabled by default, will prevent php `type | 112 | sloppy_comparison, disabled by default, will prevent php `type |
| 113 | juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison. | 113 | juggling <https://secure.php.net/manual/en/language.types.type-juggling.php>`_ (``==``) , preventing any bypass of a comparison. |
| @@ -133,11 +133,13 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m | |||
| 133 | sp.unserialize_hmac.enable(); | 133 | sp.unserialize_hmac.enable(); |
| 134 | sp.unserialize_hmac.disable(); | 134 | sp.unserialize_hmac.disable(); |
| 135 | 135 | ||
| 136 | .. _config_cookie-encryption: | ||
| 137 | |||
| 136 | Cookies-related mitigations | 138 | Cookies-related mitigations |
| 137 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ | 139 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
| 138 | 140 | ||
| 139 | Since snuffleupagus is providing several hardening features for cookies, | 141 | Since snuffleupagus is providing several hardening features for cookies, |
| 140 | there is a :dedicated web page:`here <cookie-encryption-config>` about them. | 142 | there is a dedicated web page :ref:`here <cookie-encryption-page>` about them. |
| 141 | 143 | ||
| 142 | 144 | ||
| 143 | readonly_exec | 145 | readonly_exec |
diff --git a/doc/source/encryption.rst b/doc/source/encryption.rst index 8ac6861..2b6ac9d 100644 --- a/doc/source/encryption.rst +++ b/doc/source/encryption.rst | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | .. _cookie-encryption-config: | 1 | .. _cookie-encryption-page: |
| 2 | 2 | ||
| 3 | Cookies | 3 | Cookies |
| 4 | ======= | 4 | ======= |
| @@ -39,7 +39,6 @@ It can either be set to ``strict`` or ``lax``: | |||
| 39 | sp.cookie.name("cookie1").samesite("lax"); | 39 | sp.cookie.name("cookie1").samesite("lax"); |
| 40 | sp.cookie.name("cookie2").samesite("strict");; | 40 | sp.cookie.name("cookie2").samesite("strict");; |
| 41 | 41 | ||
| 42 | .. _cookie-encryption_config: | ||
| 43 | 42 | ||
| 44 | Cookie encryption | 43 | Cookie encryption |
| 45 | """"""""""""""""" | 44 | """"""""""""""""" |
diff --git a/doc/source/features.rst b/doc/source/features.rst index 08ad3d4..e420156 100644 --- a/doc/source/features.rst +++ b/doc/source/features.rst | |||
| @@ -71,7 +71,7 @@ Like *Suhosin*, we are encrypting the cookies with a secret key, | |||
| 71 | an environment variable (usually the IP of the user) | 71 | an environment variable (usually the IP of the user) |
| 72 | and the user's user-agent. This means that an attacker with an XSS won't be able to use | 72 | and the user's user-agent. This means that an attacker with an XSS won't be able to use |
| 73 | the stolen cookie, since he can't spoof the content of the value of the environment | 73 | the stolen cookie, since he can't spoof the content of the value of the environment |
| 74 | variable for the user. Please do read the :ref:`documentation about this feature <cookie-encryption_config>` | 74 | variable for the user. Please do read the :ref:`documentation about this feature <config_cookie-encryption>` |
| 75 | if you're planning to use it. | 75 | if you're planning to use it. |
| 76 | 76 | ||
| 77 | This feature is roughly the same than the `Suhosin one <https://suhosin.org/stories/configuration.html#transparent-encryption-options>`_. | 77 | This feature is roughly the same than the `Suhosin one <https://suhosin.org/stories/configuration.html#transparent-encryption-options>`_. |