#16936: CSRF with AJAX documentation is out-of-date
-------------------------------+--------------------------------------
Reporter: idangazit | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version: 1.3
Severity: Normal | Resolution:
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Comment (by anonymous):
A minor comment on the docs part, you say:
{{{
100 If the CSRF token is not present in markup by use of the
:ttag:`csrf_token`
101 template tag, it must be supplied to the client by other
means. This is common
102 in cases where the form is dynamically added to the page,
and Django supplies
103 a decorator which will set a cookie containing the CSRF
token:
104 :func:`~django.views.decorators.csrf.ensure_csrf_cookie`.
Use the decorator
105 on any view which will need access to the CSRF token, but
doesn't include the
106 token in the actual markup sent to the client.
}}}
Small clarification, but I think of view as referring to python code
specifically, not the more abstract combination of view and content it
renders for display.
So perhaps something like "If you need access to the CSRF on the client
and it is not made available in the markup, use the CSRF decorator on the
associated view to set the CSRF cookie"
Specifying that the need is on the client side, instead of in the "view"
which I think of as the Django side.
--
Ticket URL: <https://code.djangoproject.com/ticket/16936#comment:1>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/django-updates?hl=en.
