Apply suggestions from code review

Co-authored-by: Sarah Rainsberger <[email protected]>

.changeset/fair-jars-behave.md

@@ -2,7 +2,7 @@
 "astro": minor
 ---
 
-Adds a new security - and experimental - option to prevent CSRF attacks. This feature is available only for on-demand pages:
+Adds a new experimental security option to prevent [Cross-Site Request Forgery (CSRF) attacks](https://owasp.org/www-community/attacks/csrf). This feature is available only for pages rendered on demand:
 
 ```js
 import { defineConfig } from "astro/config"
@@ -17,9 +17,8 @@ export default defineConfig({
 })
 ```
 
-When enabled, it checks that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`.
+Enabling this setting performs a check that the "origin" header, automatically passed by all modern browsers, matches the URL sent by each `Request`.
 
-The "origin" check is executed only on-demand pages, and only for the requests `POST, `PATCH`, `DELETE` and `PUT`, only for those requests that
-the followin `content-type` header: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
+This experimental "origin" check is executed only for pages rendered on demand, and only for the requests `POST, `PATCH`, `DELETE` and `PUT` with one of the following `content-type` headers: 'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'.
 
 It the "origin" header doesn't match the pathname of the request, Astro will return a 403 status code and won't render the page.

packages/astro/src/@types/astro.ts

@@ -1856,7 +1856,7 @@ export interface AstroUserConfig {
 			 * @version 4.6.0
 			 * @description
 			 *
-			 * It enables some security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf
+			 * Allows you to enable security measures to prevent CSRF attacks: https://owasp.org/www-community/attacks/csrf
 			 */
 
 			csrfProtection?: {