#6709: csrf for javascript or ajax based forms
-------------------------------------------+--------------------------------
Reporter:  hasen <[EMAIL PROTECTED]>  |       Owner:  nobody      
  Status:  new                             |   Component:  Contrib apps
 Version:  SVN                             |    Keywords:  csrf        
   Stage:  Unreviewed                      |   Has_patch:  0           
-------------------------------------------+--------------------------------
 The CSRF middleware doesn't insert anything if it doesn't see a <form> tag
 with method="post".
 This is very limiting.
 I, for example, in some of my ajax-based pages, don't use a form tag at
 all; I just put the <input> fields, give them ids, and collect the data
 programmatically (using the input elements' ids) and also send the form
 using the post method programmatically (through an XMLHttpRequest object).

 It would be nice if the CSRF framework still added the hidden csrf token to
 the page even if it finds no form with a post method, by just inserting
 the token somewhere reasonable within the body of the page so that it's
 accessible to any piece of JS code (i.e. such that it has an id).

-- 
Ticket URL: <http://code.djangoproject.com/ticket/6709>
Django Code <http://code.djangoproject.com/>
The web framework for perfectionists with deadlines
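
An added example, not part of the ticket and not Django's own code: a simplified Python model of response-rewriting CSRF injection, showing why a page with bare <input> fields gets no token and what the fallback requested above would produce. The regexes, the HMAC token derivation, the `csrf_token` element id and the sample pages are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Simplified model for illustration; not Django's middleware code.
POST_FORM_RE = re.compile(
    r'(<form\b[^>]*\bmethod\s*=\s*["\']?post["\']?[^>]*>)', re.IGNORECASE)
BODY_RE = re.compile(r'(<body\b[^>]*>)', re.IGNORECASE)

def make_token(secret, session_id):
    # Assumed derivation: HMAC of the session id under a server-side secret.
    return hmac.new(secret.encode(), session_id.encode(), hashlib.sha256).hexdigest()

def hidden_field(token, element_id=None):
    id_attr = ' id="%s"' % element_id if element_id else ''
    return ('<input type="hidden"%s name="csrfmiddlewaretoken" value="%s" />'
            % (id_attr, token))

def inject_forms_only(html, token):
    """Behaviour the ticket describes: token only inside <form method="post">."""
    return POST_FORM_RE.sub(lambda m: m.group(1) + hidden_field(token), html)

def inject_with_fallback(html, token, element_id="csrf_token"):
    """Behaviour the ticket asks for: no POST form -> token after <body>, with an id."""
    out, count = POST_FORM_RE.subn(lambda m: m.group(1) + hidden_field(token), html)
    if count == 0:
        out = BODY_RE.sub(
            lambda m: m.group(1) + hidden_field(token, element_id), html, count=1)
    return out

def token_is_valid(submitted, secret, session_id):
    # Constant-time comparison of the POSTed token with the expected one.
    expected = make_token(secret, session_id)
    return hmac.compare_digest(submitted.encode(), expected.encode())

# Constructed sample pages: one with a POST form, one AJAX-only with bare inputs.
FORM_PAGE = ('<html><body><form action="/save" method="post">'
             '<input name="n"></form></body></html>')
AJAX_PAGE = '<html><body><input id="name"><button id="send">Send</button></body></html>'

if __name__ == "__main__":
    tok = make_token("constructed-secret", "constructed-session-id")
    print("form page gets token:", tok in inject_forms_only(FORM_PAGE, tok))
    print("ajax page gets token:", tok in inject_forms_only(AJAX_PAGE, tok))
    print(inject_with_fallback(AJAX_PAGE, tok))
```

With the fallback, client-side script can read the value from the element with that id and include it in the POST it sends, and the server-side check stays the same.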