Commit 39201d8f authored by Aymeric Augustin's avatar Aymeric Augustin
Browse files

Fixed #16704 -- Documented how to insert the CSRF token outside of Django's... 

Fixed #16704 -- Documented how to insert the CSRF token outside of Django's own template engine. Thanks paulcwatts and bpeschier for the patch.


git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent c4587003

docs/ref/contrib/csrf.txt

+18 −0
Original line number Diff line number Diff line
@@ -146,6 +146,24 @@ In addition, if the CSRF cookie has not been sent to the client by use of 
:ttag:`csrf_token`, you may need to ensure the client receives the cookie by

using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`.



Other template engines

----------------------



When using a different template engine than Django's built-in engine, you can

set the token in your forms manually after making sure it is available in the

context of the template.



So in Cheetah for example, your form could contain the following:



.. code-block:: html



    <div style="display:none">

        <input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/>

    </div>



You may use javascript similar to the :ref:`AJAX code <csrf-ajax>` above to get

the value of the CSRF token.



The decorator method

--------------------