From b42e1913e6ef6f7afdbf77aac0b329430c1805d8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adri=C3=A1n=20Chaves?= <adrian@chaves.io>
Date: Tue, 5 Oct 2021 12:07:00 +0200
Subject: [PATCH] README.rst: remove :ref: usage

---
 CHANGES.rst | 2 +-
 README.rst  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/CHANGES.rst b/CHANGES.rst
index be393ad..3daeca7 100644
--- a/CHANGES.rst
+++ b/CHANGES.rst
@@ -6,7 +6,7 @@ Changes
 
 *   **Security bug fix:**
 
-    If you use ``HttpAuthMiddleware`` (i.e. the ``http_user`` and ``http_pass``
+    If you use HttpAuthMiddleware_ (i.e. the ``http_user`` and ``http_pass``
     spider attributes) for Splash authentication, any non-Splash request will
     expose your credentials to the request target. This includes ``robots.txt``
     requests sent by Scrapy when the ``ROBOTSTXT_OBEY`` setting is set to
diff --git a/README.rst b/README.rst
index 478d0fe..9b604ca 100644
--- a/README.rst
+++ b/README.rst
@@ -602,7 +602,7 @@ to ``splash_headers`` if you want to change credentials per-request::
             yield SplashRequest(url, self.parse,
                                 splash_headers={'Authorization': auth})
 
-**WARNING:** Don't use :ref:`HttpAuthMiddleware`
+**WARNING:** Don't use `HttpAuthMiddleware`_
 (i.e. ``http_user`` / ``http_pass`` spider attributes) for Splash
 authentication: if you occasionally send a non-Splash request from your spider,
 you may expose Splash credentials to a remote website, as HttpAuthMiddleware