Fix typo in reference label
anvit committed Nov 21, 2023
1 parent 43dc5cd commit 0449676
Showing 1 changed file with 13 additions and 13 deletions.
26 changes: 13 additions & 13 deletions admin-manual/security/csp-headers.rst
Expand Up @@ -81,7 +81,7 @@ This is the default configuration you'll find in AtoM's :ref:`config-app-yml` fi
The CSP ``repsonse_header`` setting is used to set the CSP header type and can have one of
two values:

- **Content-Security-Policy**:
- **Content-Security-Policy**:
This setting will enforce the defined policy. When set, the browser will block any
resources (scripts, images, stylesheets, etc.) that violate the policy directives.

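Review bot: the unchanged context line ``repsonse_header`` is itself a typo for ``response_header`` (the YAML key shown further down reads `response_header: Content-Security-Policy-Report-Only`); since this commit is a typo fix, correct it in the same pass. The removed and added `- **Content-Security-Policy**:` lines render identically here, so the change in this hunk appears to be trailing whitespace only.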
Expand Down Expand Up @@ -116,8 +116,8 @@ Updating these settings will require restarting :ref:`PHP-FPM <troubleshooting-r

.. IMPORTANT::

CSP headers will only be applied to a response if a Bootstrap 5 based theme is in use. See:
* :ref:`customization-theming`
CSP headers will only be applied to a response if a Bootstrap 5 based theme is in use. See:
* :ref:`customization-theming`
* :ref:`themes`

CSP headers can be deactivated by deleting the CSP section from the :ref:`config-app-yml`
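Review bot: inside the `.. IMPORTANT::` admonition the `* :ref:` bullets follow the "See:" line with no blank line between them; docutils will fold those `*` lines into the preceding paragraph instead of rendering a list, so insert a blank line after "...theme is in use. See:" (and keep the bullets at the same indentation as the paragraph).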
Expand All @@ -130,7 +130,7 @@ Implementing a Content Security Policy For Your Custom Theme

1. Begin with a basic CSP directive.

If your custom theme is derived from AtoM's Dominion Bootstrap 5 theme, begin
If your custom theme is derived from AtoM's Dominion Bootstrap 5 theme, begin
with the baseline CSP directive from AtoM's :ref:`config-app-yml`:

.. code-block:: none
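Review bot: the snippet introduced by `.. code-block:: none` is the YAML fragment from `config/app.yml` (`response_header:` / `directives:` keys), so `.. code-block:: yaml` would give readers syntax highlighting at no cost; the two "If your custom theme is derived..." lines show no visible difference here, so this hunk also looks whitespace-only.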
Expand All @@ -147,8 +147,8 @@ Implementing a Content Security Policy For Your Custom Theme
response_header: Content-Security-Policy-Report-Only
directives: "default-src 'self'; font-src 'self'; img-src 'self' https://www.gravatar.com/avatar/ blob:; script-src 'self' 'nonce'; style-src 'self' 'nonce'; worker-src 'self' blob:; frame-ancestors 'self';"
For those who have crafted a custom theme, but haven't used AtoM's default Bootstrap 5
Dominion theme as a foundation, it's recommended to start with a more restrictive
For those who have crafted a custom theme, but haven't used AtoM's default Bootstrap 5
Dominion theme as a foundation, it's recommended to start with a more restrictive
`content-security-policy` header:

.. code-block:: none
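Review bot: the changed paragraph ends with `` `content-security-policy` `` in single backticks, which reStructuredText treats as interpreted text (default role) rather than a literal; the rest of this file uses double backticks for identifiers, and the header name is written `Content-Security-Policy` elsewhere on the page, so use ``` ``Content-Security-Policy`` ```. Also, as rendered here the `directives: "..."` line of the preceding code block is immediately followed by "For those who have crafted..." with no blank line, which docutils reports as "Explicit markup ends without a blank line"; add one after the code block.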
Expand Down Expand Up @@ -181,7 +181,7 @@ Implementing a Content Security Policy For Your Custom Theme

Use "view source" to find the implicated line - find and fix the violation in the
underlying code. Most of these are going to be inline assets - scripts, styles, etc.
See: :ref:`cap-allow-inline-sources`.
See: :ref:`csp-allow-inline-sources`.

4. Activate policy enforcement.

Expand Down Expand Up @@ -235,15 +235,15 @@ If your application has inline scripts there are 4 choices:

Work completed to make the Dominion theme compatible with CSP headers can be viewed
in this `AtoM CSP commit`_. This commit provides examples of how to refer to the nonce
value generated by AtoM from your theme templates, and examples of refactoring code to
value generated by AtoM from your theme templates, and examples of refactoring code to
remove inline styles in favour of Bootstrap 5 equivalents.

.. _csp-allow-external-sources:

Allowing External Sources
-------------------------

If for example the application makes use of Gravatar assets, we could allow them by
If for example the application makes use of Gravatar assets, we could allow them by
adding:

.. code-block:: none
Expand All @@ -257,19 +257,19 @@ to be run from the entire ``https://www.gravatar.com`` domain.

If your theme makes use of Google Analytics, Tag Manager, or the Maps API, then
you may need to whitelist additional sources. We recommend consulting Google's
documentation for this:
documentation for this:

* https://developers.google.com/tag-manager/web/csp
* https://developers.google.com/web/fundamentals/security/csp/
* https://content-security-policy.com/examples/google-maps/

.. SEEALSO::
Additional AtoM documentation links related to Google service integrations:

Additional AtoM documentation links related to Google service integrations:

* :ref:`maintenance-web-analytics`
* :ref:`maps-api-key`

.. _`AtoM CSP commit`: https://github.com/artefactual/atom/commit/d796a1f7252aa6ce6c4ef611fac91939584df00b
.. _`CSP`: https://en.wikipedia.org/wiki/Content_Security_Policy
.. _`XSS`: https://owasp.org/www-community/attacks/xss/
.. _`XSS`: https://owasp.org/www-community/attacks/xss/
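Review bot: apart from the label fix, every changed pair in this file (including the "documentation for this:", "Additional AtoM documentation links..." and `.. _\`XSS\`:` lines here) renders identically, so these are whitespace-only edits; a short mention such as "also strip trailing whitespace" in the commit message would make the diff's scope clear to anyone reading the history. Minor style point on the unchanged context line "you may need to whitelist additional sources": "allow" or "allowlist" matches the terminology used in the "Allowing External Sources" heading.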
