On Thu, Feb 24, 2011 at 8:44 AM, Paul <[email protected]> wrote:
> Dear all,
>
> Allow me to quickly introduce myself: my name is Paul, I'm a PhD
> student from Germany and am playing around with Django for mere joy
> (procrastination).
>
> I have a quick question on why ticket #15352
> (http://code.djangoproject.com/ticket/15352) was closed?
>
> It just took me a fair amount of time to figure out why my AJAX POST
> requests weren't working, and for me the JavaScript snippet posted
> here:
> http://www.djangoproject.com/weblog/2011/feb/08/security/
> doesn't work, exactly because the id is missing on the csrf_token
> (Ubuntu 10.10, Firefox 3.6.4, jQuery 1.5). I guess an alternative
> would be to modify the javascript above so that the selector is
> $("[name=csrfmiddlewaretoken]")
> instead of
> $("#csrfmiddlewaretoken")
>
> Sorry if I have missed something, I couldn't find anything on this on
> the mailing list.

Luke gave you the reason when he closed the ticket. The reason it was
closed is because you *can't* have an ID on a CSRF token. HTML
requires that there is only one element with any given ID on a page.
However, CSRF tokens don't meet that requirement.

You can have multiple forms on a page, and each form needs to be
submitted with the CSRF token. That means there are multiple CSRF
token elements on the page, and as a result, you can't associate a
simple ID with them.

We *could* go to great lengths to provide some automated scheme for
allocating IDs when there are multiple CSRF tokens... or we could just
use the name of the token. We've chosen to do the latter.

Yours,
Russ Magee %-)
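
The lookup by name discussed in this thread, as an added example that is not part of the original messages or Django's own code: it reads the token from the hidden field by name and attaches it only to same-origin requests. The function names, the stub document and `site.example` are assumptions; `csrfmiddlewaretoken` and the `X-CSRFToken` header are Django's defaults.

```javascript
// Added example. Works in a browser (pass `document` and
// `window.location.origin`) and in Node with the constructed stub below.

// Return the CSRF token from the first hidden input named
// "csrfmiddlewaretoken". A page may hold one such input per form, so an id
// (which must be unique in a document) cannot address them; the name can.
function getCsrfToken(doc) {
  const inputs = doc.querySelectorAll('input[name="csrfmiddlewaretoken"]');
  return inputs.length > 0 ? inputs[0].value : null;
}

// True when `url` is relative or resolves to `pageOrigin`. Protocol-relative
// URLs such as "//other.example/x" resolve to a different origin and fail.
function isSameOrigin(url, pageOrigin) {
  try {
    return new URL(url, pageOrigin).origin === pageOrigin;
  } catch (e) {
    return false; // unparseable URL: do not attach the token
  }
}

// Headers to add to an AJAX request. The token is never sent cross-origin,
// where it would be disclosed to a third party.
function csrfHeadersFor(url, doc, pageOrigin) {
  if (!isSameOrigin(url, pageOrigin)) {
    return {};
  }
  const token = getCsrfToken(doc);
  return token === null ? {} : { "X-CSRFToken": token };
}

// Constructed stand-in for a page with two forms, each carrying its own
// hidden token input (values are made up).
const constructedTwoFormDoc = {
  querySelectorAll: function (selector) {
    return selector === 'input[name="csrfmiddlewaretoken"]'
      ? [{ value: "constructed-token" }, { value: "constructed-token" }]
      : []; // e.g. "#csrfmiddlewaretoken": no element has that id
  },
};

console.log(csrfHeadersFor("/api/save/", constructedTwoFormDoc, "https://site.example"));
console.log(csrfHeadersFor("https://other.example/x", constructedTwoFormDoc, "https://site.example"));
```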
