Docs: updated CSRF additional headers (#50589)

* Docs: updated CSRF additional headers

* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml.md

Co-authored-by: heoelri <heoelri@users.noreply.github.com>

* update to include referer

* Update docs/sources/setup-grafana/configure-security/configure-authentication/saml.md

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>

Co-authored-by: Emil Tullstedt <emil.tullstedt@grafana.com>
Co-authored-by: heoelri <heoelri@users.noreply.github.com>

docs/sources/setup-grafana/configure-security/configure-authentication/saml.md

@@ -412,7 +412,7 @@ The keys you provide should look like:
 
 When the user logs in using SAML and gets presented with "origin not allowed", the user might be issuing the login from an IdP (identity provider) service or the user is behind a reverse proxy. This potentially happens as Grafana's CSRF checks deem the requests to be invalid. For more information [CSRF](https://owasp.org/www-community/attacks/csrf).
 
-To solve this issue, you can configure either the [`csrf_trusted_origins`]({{< relref "../../configure-grafana/enterprise-configuration/#csrf-trusted-origins" >}}) or [`csrf_origin_headers`]({{< relref "../../configure-grafana/enterprise-configuration/#csrf-origin-headers" >}}) option in the SAML configuration.
+To solve this issue, you can configure either the [`csrf_trusted_origins`]({{< relref "../../configure-grafana/#csrf-trusted-origins" >}}) or [`csrf_additional_headers`]({{< relref "../../configure-grafana/#csrf_additional_headers" >}}) option in the SAML configuration.
 
 Example of a configuration file:
 
@@ -421,6 +421,6 @@ Example of a configuration file:
 ...
 [security]
 csrf_trusted_origins = https://grafana.example.com
-csrf_origin_headers = X-Forwarded-Proto X-Forwarded-Host X-Forwarded-Port
+csrf_additional_headers = X-Forwarded-Host
 ...
 ```