summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLuke Plant <L.Plant.98@cantab.net>2011-02-22 11:30:10 +0000
committerLuke Plant <L.Plant.98@cantab.net>2011-02-22 11:30:10 +0000
commite89c471ebb5ae2b55b3677a953759792fce84bc8 (patch)
treeb7ba9bb38eba0cfe6b21dc3a1c42648db924d9c4
parentdc9d639c0aeb0e3c239d9a20f7aa51e7a3d5261b (diff)
[1.2.X] Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
Backport of [15628] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15629 bcc190cf-cafb-0310-a4f2-bffc1f526a37
-rw-r--r--docs/ref/contrib/csrf.txt2
-rw-r--r--docs/releases/1.1.4.txt18
-rw-r--r--docs/releases/1.2.5.txt32
3 files changed, 10 insertions, 42 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt
index 18675e48c8..cd412b3043 100644
--- a/docs/ref/contrib/csrf.txt
+++ b/docs/ref/contrib/csrf.txt
@@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the
finding of code and templates that may need to be upgraded. It contains full
help on how to use it.
+.. _csrf-ajax:
+
AJAX
----
diff --git a/docs/releases/1.1.4.txt b/docs/releases/1.1.4.txt
index 7a3035f9bd..e561201c18 100644
--- a/docs/releases/1.1.4.txt
+++ b/docs/releases/1.1.4.txt
@@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests.
-The following example using the jQuery JavaScript toolkit demonstrates
-this; the call to jQuery's ajaxSetup will cause all AJAX requests to
-send back the CSRF token in the custom X-CSRFTOKEN header::
-
- $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
- // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken",
- $("#csrfmiddlewaretoken").val());
- }
- }
- });
-
+Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
+that demonstrates this technique, ensuring that you are looking at the
+documentation for your version of Django, as the exact code necessary
+is different for some older versions of Django.
diff --git a/docs/releases/1.2.5.txt b/docs/releases/1.2.5.txt
index b169a4b765..8427534301 100644
--- a/docs/releases/1.2.5.txt
+++ b/docs/releases/1.2.5.txt
@@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests.
-The following example using the jQuery JavaScript toolkit demonstrates
-this; the call to jQuery's ajaxSetup will cause all AJAX requests to
-send back the CSRF token in the custom X-CSRFTOKEN header::
-
- $.ajaxSetup({
- beforeSend: function(xhr, settings) {
- function getCookie(name) {
- var cookieValue = null;
- if (document.cookie && document.cookie != '') {
- var cookies = document.cookie.split(';');
- for (var i = 0; i < cookies.length; i++) {
- var cookie = jQuery.trim(cookies[i]);
- // Does this cookie string begin with the name we want?
- if (cookie.substring(0, name.length + 1) == (name + '=')) {
- cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
- break;
- }
- }
- }
- return cookieValue;
- }
- if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
- // Only send the token to relative URLs i.e. locally.
- xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
- }
- }
- });
-
+Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
+that demonstrates this technique, ensuring that you are looking at the
+documentation for your version of Django, as the exact code necessary
+is different for some older versions of Django.
FileField no longer deletes files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~