Commit 9dc97707 authored by Luke Plant's avatar Luke Plant
Browse files

Documented the presence of {% csrf_token %} in Django 1.1.2 in trunk docs. 



git-svn-id: http://code.djangoproject.com/svn/django/trunk@11675 bcc190cf-cafb-0310-a4f2-bffc1f526a37
parent 905dba36

docs/ref/contrib/csrf.txt

+5 −2
Original line number Diff line number Diff line
@@ -188,9 +188,12 @@ applications in your project will meet its requirements by virtue of the 


The next step is to update all your applications to use the template tag, as

described in `How to use it`_, steps 2-3.  This can be done as soon as is

practical. Any applications that are updated will now require Django 1.2 or

practical. Any applications that are updated will now require Django 1.1.2 or

later, since they will use the CSRF template tag which was not available in

earlier versions.

earlier versions. (The template tag in 1.1.2 is actually a no-op that exists

solely to ease the transition to 1.2 — it allows apps to be created that have

CSRF protection under 1.2 without requiring users of the apps to upgrade to the

Django 1.2.X series).



The utility script ``extras/csrf_migration_helper.py`` can help to automate the

finding of code and templates that may need to be upgraded.  It contains full

docs/ref/templates/builtins.txt

+5 −2
Original line number Diff line number Diff line
@@ -56,9 +56,12 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}`` 
csrf_token

~~~~~~~~~~



.. versionadded:: 1.2

.. versionadded:: 1.1.2



This is described in the documentation for :ref:`Cross Site Request Forgeries <ref-contrib-csrf>`.

In the Django 1.1.X series, this is a no-op tag that returns an empty string for

future compatibility purposes.  In Django 1.2 and later, it is used for CSRF

protection, as described in the documentation for :ref:`Cross Site Request

Forgeries <ref-contrib-csrf>`.



cycle

~~~~~