
Commit

Fixed link
vserova authored Sep 23, 2024
1 parent 48cf2cb commit 5b01e52
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion pages/ch_cgi.md
Expand Up @@ -219,7 +219,7 @@ Please note that for historical reasons by default FastCGI application will exit

The [CCgiApplication](https://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/lxr/ident?i=CCgiApplication) class supports Cross-Origin Resource Sharing (CORS) which is disabled by default. To enable CORS set CORS_Enable variable to true in [CGI] section of the INI file. There are several other values for fine-tuning CORS request processing: CORS_Allow_Origin, CORS_Allow_Headers, CORS_Allow_Methods etc. All CORS related values are described in [CGI and FCGI parameters](https://ncbi.github.io/cxx-toolkit/pages/ch_libconfig#ch_libconfig.libconfig_cgi). For more information on CORS see https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS.

The [CCgiApplication](https://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/lxr/ident?i=CCgiApplication) class provides basic protection against [Cross Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29). The protection uses synchronization token checked by [ValidateSynchronizationToken()](http://intranet.ncbi.nlm.nih.gov/ieb/ToolBox/CPP_DOC/lxr/ident?i=ValidateSynchronizationToken) virtual method. The default implementation checks if the token is present in **Ncbi-CSRF-Token** HTTP header, which must be set on the client side (e.g. by a javascript). ValidateSynchronizationToken() expects the token to be equal to the current session ID (passed in the HTTP cookies). If the token does not pass validation the CGI returns status "403 Forbidden". CSRF protection is disabled by default. See [CGI and FCGI parameters](https://ncbi.github.io/cxx-toolkit/pages/ch_libconfig#ch_libconfig.libconfig_cgi) for the information on enabling it. If token validation is enabled, replies to CORS preflight requests will add Ncbi-CSRF-Token to the list of allowed headers (Access-Control-Allow-Headers). ValidateSynchronizationToken() method can be overriden to provide a different CSRF protection mechanism.
The [CCgiApplication](https://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/lxr/ident?i=CCgiApplication) class provides basic protection against [Cross Site Request Forgery (CSRF)](https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)). The protection uses synchronization token checked by [ValidateSynchronizationToken()](http://intranet.ncbi.nlm.nih.gov/ieb/ToolBox/CPP_DOC/lxr/ident?i=ValidateSynchronizationToken) virtual method. The default implementation checks if the token is present in **Ncbi-CSRF-Token** HTTP header, which must be set on the client side (e.g. by a javascript). ValidateSynchronizationToken() expects the token to be equal to the current session ID (passed in the HTTP cookies). If the token does not pass validation the CGI returns status "403 Forbidden". CSRF protection is disabled by default. See [CGI and FCGI parameters](https://ncbi.github.io/cxx-toolkit/pages/ch_libconfig#ch_libconfig.libconfig_cgi) for the information on enabling it. If token validation is enabled, replies to CORS preflight requests will add Ncbi-CSRF-Token to the list of allowed headers (Access-Control-Allow-Headers). ValidateSynchronizationToken() method can be overriden to provide a different CSRF protection mechanism.

<a name="ch_cgi.cgi_res_class"></a>
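Review bot: the new link target uses literal parentheses, `Cross-Site_Request_Forgery_(CSRF)`, in place of the percent-encoded `%28CSRF%29`; CommonMark accepts balanced parentheses inside a link destination, but not every Markdown renderer does, so if the encoded form was being double-encoded by the site generator, the escaped form `Cross-Site_Request_Forgery_\(CSRF\)` or a destination wrapped in angle brackets `<...>` renders unambiguously in either case. While this line is being touched, two small documentation fixes belong in the same change: "overriden" should read "overridden", and the ValidateSynchronizationToken() link points at `http://intranet.ncbi.nlm.nih.gov/...`, which readers of the public docs cannot reach, whereas the CCgiApplication link on the same line already uses the public `https://www.ncbi.nlm.nih.gov/IEB/ToolBox/CPP_DOC/lxr/...` host.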


0 comments on commit 5b01e52
