#16936: CSRF with AJAX documentation is out-of-date
-------------------------------+------------------------------------
Reporter: idangazit | Owner: nobody
Type: New feature | Status: new
Component: Documentation | Version: SVN
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
-------------------------------+------------------------------------
Changes (by ptone):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* version: 1.3 => SVN
* stage: Unreviewed => Accepted
Comment:
I checked, and yes, both the context_processor and the decorator call the
middleware, so the cookie should be available. One thing to mention in
this part of the docs is that the cookie name may not be the default if
CSRF_COOKIE_NAME has been changed.

Also, the csrf input element will be present and set to "" if the context
processor was run without either the csrf decorator or the middleware
setting the cookie.

@lukeplant my comment about enforcing relative URLs was basically the same
one you made about removing same origin, that is, disallowing full,
same-origin URLs - I wasn't aware of how new r16183 was.

Either way - this should be accepted and improved.
--
Ticket URL: <https://code.djangoproject.com/ticket/16936#comment:6>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
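
Added example, not part of the ticket or of Django's documentation: a client-side helper reflecting the two points in the comment above, a cookie name that follows CSRF_COOKIE_NAME and a token that is attached only to relative URLs. The function names, the `placeholder.invalid` base and the cookie strings used with it are assumptions made for illustration.

```javascript
// Added example, not Django's code. The name must match the server's
// CSRF_COOKIE_NAME setting; "csrftoken" is only Django's default.
const CSRF_COOKIE_NAME = "csrftoken";

// Parse a document.cookie-style string; return the named cookie or null.
function getCookie(name, cookieString) {
  for (const part of (cookieString || "").split(";")) {
    const pair = part.trim();
    const eq = pair.indexOf("=");
    // Compare the whole name so "token" never matches "csrftoken".
    if (eq > 0 && pair.slice(0, eq) === name) {
      return decodeURIComponent(pair.slice(eq + 1));
    }
  }
  return null;
}

// Methods that do not change state need no CSRF token.
function csrfSafeMethod(method) {
  return /^(GET|HEAD|OPTIONS|TRACE)$/i.test(method);
}

// True only for relative URLs. Full URLs are rejected even when same-origin,
// and so are "//host" and "/\host", which browsers resolve to another host.
function isRelativeUrl(url) {
  const base = "https://placeholder.invalid"; // hypothetical base for parsing
  // URL parsers drop tabs/newlines and leading control characters or spaces.
  const cleaned = String(url).replace(/[\t\n\r]/g, "").replace(/^[\x00-\x20]+/, "");
  if (/^[a-z][a-z0-9+.-]*:/i.test(cleaned)) return false; // explicit scheme
  try {
    return new URL(cleaned, base).origin === base;
  } catch {
    return false;
  }
}

// Headers to add to an AJAX request. Django reads the token from X-CSRFToken.
function csrfHeaders(method, url, cookieString, cookieName = CSRF_COOKIE_NAME) {
  if (csrfSafeMethod(method) || !isRelativeUrl(url)) return {};
  const token = getCookie(cookieName, cookieString);
  // A missing cookie means no view has set it yet; fail loudly instead of
  // sending an empty token.
  if (!token) throw new Error(`CSRF cookie "${cookieName}" is not set`);
  return { "X-CSRFToken": token };
}
```

In a browser, pass `document.cookie` as `cookieString` and merge the returned object into the request's headers.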