From 044967671864d7d553fff7720ce6263d4ef00312 Mon Sep 17 00:00:00 2001
From: Anvit Srivastav <asrivastav@artefactual.com>
Date: Tue, 21 Nov 2023 12:27:02 -0800
Subject: [PATCH] Fix typo in reference label

---
 admin-manual/security/csp-headers.rst | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/admin-manual/security/csp-headers.rst b/admin-manual/security/csp-headers.rst
index 96ea2963..32dca3d5 100644
--- a/admin-manual/security/csp-headers.rst
+++ b/admin-manual/security/csp-headers.rst
@@ -81,7 +81,7 @@ This is the default configuration you'll find in AtoM's :ref:`config-app-yml` fi
 The CSP ``repsonse_header`` setting is used to set the CSP header type and can have one of
 two values:
 
-- **Content-Security-Policy**: 
+- **Content-Security-Policy**:
   This setting will enforce the defined policy. When set, the browser will block any
   resources (scripts, images, stylesheets, etc.) that violate the policy directives.
 
@@ -116,8 +116,8 @@ Updating these settings will require restarting :ref:`PHP-FPM <troubleshooting-r
 
 .. IMPORTANT::
 
-   CSP headers will only be applied to a response if a Bootstrap 5 based theme is in use. See: 
-     * :ref:`customization-theming` 
+   CSP headers will only be applied to a response if a Bootstrap 5 based theme is in use. See:
+     * :ref:`customization-theming`
      * :ref:`themes`
 
 CSP headers can be deactivated by deleting the CSP section from the :ref:`config-app-yml`
@@ -130,7 +130,7 @@ Implementing a Content Security Policy For Your Custom Theme
 
 1. Begin with a basic CSP directive.
 
-   If your custom theme is derived from AtoM's Dominion Bootstrap 5 theme, begin 
+   If your custom theme is derived from AtoM's Dominion Bootstrap 5 theme, begin
    with the baseline CSP directive from AtoM's :ref:`config-app-yml`:
 
    .. code-block:: none
@@ -147,8 +147,8 @@ Implementing a Content Security Policy For Your Custom Theme
          response_header: Content-Security-Policy-Report-Only
          directives: "default-src 'self'; font-src 'self'; img-src 'self' https://www.gravatar.com/avatar/ blob:; script-src 'self' 'nonce'; style-src 'self' 'nonce'; worker-src 'self' blob:; frame-ancestors 'self';"
 
-   For those who have crafted a custom theme, but haven't used AtoM's default Bootstrap 5 
-   Dominion theme as a foundation, it's recommended to start with a more restrictive 
+   For those who have crafted a custom theme, but haven't used AtoM's default Bootstrap 5
+   Dominion theme as a foundation, it's recommended to start with a more restrictive
    `content-security-policy` header:
 
    .. code-block:: none
@@ -181,7 +181,7 @@ Implementing a Content Security Policy For Your Custom Theme
 
    Use "view source" to find the implicated line - find and fix the violation in the
    underlying code. Most of these are going to be inline assets - scripts, styles, etc.
-   See: :ref:`cap-allow-inline-sources`.
+   See: :ref:`csp-allow-inline-sources`.
 
 4. Activate policy enforcement.
 
@@ -235,7 +235,7 @@ If your application has inline scripts there are 4 choices:
 
 Work completed to make the Dominion theme compatible with CSP headers can be viewed
 in this `AtoM CSP commit`_. This commit provides examples of how to refer to the nonce
-value generated by AtoM from your theme templates, and examples of refactoring code to 
+value generated by AtoM from your theme templates, and examples of refactoring code to
 remove inline styles in favour of Bootstrap 5 equivalents.
 
 .. _csp-allow-external-sources:
@@ -243,7 +243,7 @@ remove inline styles in favour of Bootstrap 5 equivalents.
 Allowing External Sources
 -------------------------
 
-If for example the application makes use of Gravatar assets, we could allow them by 
+If for example the application makes use of Gravatar assets, we could allow them by
 adding:
 
 .. code-block:: none
@@ -257,19 +257,19 @@ to be run from the entire ``https://www.gravatar.com`` domain.
 
 If your theme makes use of Google Analytics, Tag Manager, or the Maps API, then
 you may need to whitelist additional sources. We recommend consulting Google's
-documentation for this:  
+documentation for this:
 
 * https://developers.google.com/tag-manager/web/csp
 * https://developers.google.com/web/fundamentals/security/csp/
 * https://content-security-policy.com/examples/google-maps/
 
 .. SEEALSO::
-   
-   Additional AtoM documentation links related to Google service integrations: 
+
+   Additional AtoM documentation links related to Google service integrations:
 
    * :ref:`maintenance-web-analytics`
    * :ref:`maps-api-key`
 
 .. _`AtoM CSP commit`: https://github.com/artefactual/atom/commit/d796a1f7252aa6ce6c4ef611fac91939584df00b
 .. _`CSP`: https://en.wikipedia.org/wiki/Content_Security_Policy
-.. _`XSS`: https://owasp.org/www-community/attacks/xss/
\ No newline at end of file
+.. _`XSS`: https://owasp.org/www-community/attacks/xss/