Commit 37343bac authored by Luke Plant's avatar Luke Plant
Browse files

Removed example CSRF jQuery code from release notes, replacing with link to... 

Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 337d102b

docs/ref/contrib/csrf.txt

+2 −0
Original line number Diff line number Diff line
@@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the 
finding of code and templates that may need to be upgraded.  It contains full

help on how to use it.



.. _csrf-ajax:



AJAX

----

docs/releases/1.1.4.txt

+4 −14
Original line number Diff line number Diff line
@@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease 
of use with popular JavaScript toolkits which allow insertion of

custom headers into all AJAX requests.



The following example using the jQuery JavaScript toolkit demonstrates

this; the call to jQuery's ajaxSetup will cause all AJAX requests to

send back the CSRF token in the custom X-CSRFTOKEN header::



    $.ajaxSetup({

        beforeSend: function(xhr, settings) {

            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {

                // Only send the token to relative URLs i.e. locally.

                xhr.setRequestHeader("X-CSRFToken",

                                     $("#csrfmiddlewaretoken").val());

            }

        }

    });

Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`

that demonstrates this technique, ensuring that you are looking at the

documentation for your version of Django, as the exact code necessary

is different for some older versions of Django.

docs/releases/1.2.5.txt

+4 −28
Original line number Diff line number Diff line
@@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease 
of use with popular JavaScript toolkits which allow insertion of

custom headers into all AJAX requests.



The following example using the jQuery JavaScript toolkit demonstrates

this; the call to jQuery's ajaxSetup will cause all AJAX requests to

send back the CSRF token in the custom X-CSRFTOKEN header::



    $.ajaxSetup({

        beforeSend: function(xhr, settings) {

            function getCookie(name) {

                var cookieValue = null;

                if (document.cookie && document.cookie != '') {

                    var cookies = document.cookie.split(';');

                    for (var i = 0; i < cookies.length; i++) {

                        var cookie = jQuery.trim(cookies[i]);

                        // Does this cookie string begin with the name we want?

                        if (cookie.substring(0, name.length + 1) == (name + '=')) {

                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));

                            break;

                        }

                    }

                }

                return cookieValue;

            }

            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {

                // Only send the token to relative URLs i.e. locally.

                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));

            }

        }

    });



Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`

that demonstrates this technique, ensuring that you are looking at the

documentation for your version of Django, as the exact code necessary

is different for some older versions of Django.



FileField no longer deletes files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

docs/releases/1.3.txt

+4 −28
Original line number Diff line number Diff line
@@ -305,34 +305,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease 
of use with popular JavaScript toolkits which allow insertion of

custom headers into all AJAX requests.



The following example using the jQuery JavaScript toolkit demonstrates

this; the call to jQuery's ajaxSetup will cause all AJAX requests to

send back the CSRF token in the custom X-CSRFTOKEN header::



    $.ajaxSetup({

        beforeSend: function(xhr, settings) {

            function getCookie(name) {

                var cookieValue = null;

                if (document.cookie && document.cookie != '') {

                    var cookies = document.cookie.split(';');

                    for (var i = 0; i < cookies.length; i++) {

                        var cookie = jQuery.trim(cookies[i]);

                        // Does this cookie string begin with the name we want?

                        if (cookie.substring(0, name.length + 1) == (name + '=')) {

                            cookieValue = decodeURIComponent(cookie.substring(name.length + 1));

                            break;

                        }

                    }

                }

                return cookieValue;

            }

            if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {

                // Only send the token to relative URLs i.e. locally.

                xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));

            }

        }

    });



Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`

that demonstrates this technique, ensuring that you are looking at the

documentation for your version of Django, as the exact code necessary

is different for some older versions of Django.



Restricted filters in admin interface

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~