From de5a453d51681e2f162cf3e51406ef9afc0c6863 Mon Sep 17 00:00:00 2001
From: tommcn <tommcn@mcnamer.ca>
Date: Wed, 16 Mar 2022 21:12:31 -0400
Subject: [PATCH] [4.0.x] Corrected CSRF reference in middleware docs.

Backport of 8e633906403853868bcd7df62ba30a86151a944d from main
---
 docs/ref/middleware.txt | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/docs/ref/middleware.txt b/docs/ref/middleware.txt
index 412f8a99a4..cb1867f7ac 100644
--- a/docs/ref/middleware.txt
+++ b/docs/ref/middleware.txt
@@ -302,10 +302,11 @@ for:
 
 .. warning::
     When your site is served via HTTPS, :ref:`Django's CSRF protection system
-    <using-csrf>` requires the ``Referer`` header to be present, so completely
-    disabling the ``Referer`` header will interfere with CSRF protection. To
-    gain most of the benefits of disabling ``Referer`` headers while also
-    keeping CSRF protection, consider enabling only same-origin referrers.
+    <how-csrf-works>` requires the ``Referer`` header to be present, so
+    completely disabling the ``Referer`` header will interfere with CSRF
+    protection. To gain most of the benefits of disabling ``Referer`` headers
+    while also keeping CSRF protection, consider enabling only same-origin
+    referrers.
 
 ``SecurityMiddleware`` can set the ``Referrer-Policy`` header for you, based on
 the :setting:`SECURE_REFERRER_POLICY` setting (note spelling: browsers send a