Apply suggestions from code review

ematipico · sarah11918 · web-flow · commit 51b6dd9fe97b · 2024-04-09T15:47:16.000+01:00
Co-authored-by: Sarah Rainsberger &lt;sarah@rainsberger.ca&gt;
diff --git a/.changeset/fair-jars-behave.md b/.changeset/fair-jars-behave.md
@@ -2,7 +2,7 @@
 "astro": minor
 ---
 
-Adds a new security - and experimental - option to prevent CSRF attacks. This feature is available only for on-demand pages:
+Adds a new experimental security option to prevent [Cross-Site Request Forgery (CSRF) attacks](https://owasp.org/www-community/attacks/csrf). This feature is available only for pages rendered on demand:
 
 ```js
 import { defineConfig } from "astro/config"
@@ -17,9 +17,8 @@ export default defineConfig({
 })
 ```
 
-When enabled, it checks that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`.
+Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`.
 
-The "origin" check is executed only on-demand pages, and only for the requests `POST, `PATCH`, `DELETE` and `PUT`, only for those requests that
-the followin `content-type` header: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
+This experimental "origin" check is executed only for pages rendered on demand, and only for the requests `POST, `PATCH`, `DELETE` and `PUT` with one of the following `content-type` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
 
 It the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.
diff --git a/packages/astro/src/@types/astro.ts b/packages/astro/src/@types/astro.ts
@@ -1856,7 +1856,7 @@ export interface AstroUserConfig {
 			 * @version 4.6.0
 			 * @description
 			 *
-			 * It enables some security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf
+			 * Allows you to enable security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf
 			 */
 
 			csrfProtection?: {

Original file line number	Diff line number	Diff line change
`@@ -1856,7 +1856,7 @@ export interface AstroUserConfig {`
`1856`	`1856`	`* @version 4.6.0`
`1857`	`1857`	`* @description`
`1858`	`1858`	`*`
`1859`		`- * It enables some security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf`
	`1859`	`+ * Allows you to enable security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf`
`1860`	`1860`	`*/`
`1861`	`1861`
`1862`	`1862`	`csrfProtection?: {`