#16936: CSRF with AJAX documentation is out-of-date
-----------------------------+-----------------------------------------
Reporter: idangazit | Owner: nobody
Type: New feature | Status: new
Milestone: | Component: Documentation
Version: 1.3 | Severity: Normal
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-----------------------------+-----------------------------------------
Following the release of Django 1.2.5, we issued new guidelines on using
CSRF protection with AJAX requests:
https://www.djangoproject.com/weblog/2011/feb/08/security/

In that release, we included a JS snippet showing how to properly set the
CSRF token header on AJAX requests, which never made it into the docs.

In addition, the existing docs on using CSRF with AJAX are not as good as
they could be. Right now, we mix together discussion of how to get the
CSRF token and how to use it—breaking these out into logical sections
would make the docs easier to read.

Because the changes I'm making touch on security-related issues, I'd
really like several pairs of practiced eyes to go over it before we make a
change.
--
Ticket URL: <https://code.djangoproject.com/ticket/16936>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.