diff options
| author | B. J. Potter <bjpotter@gmail.com> | 2016-06-02 11:05:57 -0700 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2016-06-03 15:25:55 -0400 |
| commit | 16ce7a51ea5147949d652f8bf60b6e215ec16d8d (patch) | |
| tree | 07e6e780fd1421631d8b68af7755f576b4648b22 /docs/ref | |
| parent | 19cb66a54a0944a343cb11e4dfe98221138ca68c (diff) | |
[1.9.x] Fixed #26596 -- Added Jinja2 {{ csrf_input }} documentation.
Backport of 9c53facc45908bc0593de194a60bc75e5d34a48e from master
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/csrf.txt | 22 |
1 files changed, 7 insertions, 15 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index bc8e05a5e6..df17d138f5 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -148,24 +148,16 @@ If you're using AngularJS 1.1.3 and newer, it's sufficient to configure the $httpProvider.defaults.xsrfCookieName = 'csrftoken'; $httpProvider.defaults.xsrfHeaderName = 'X-CSRFToken'; -Other template engines ----------------------- +Using CSRF in Jinja2 templates +------------------------------ -When using a different template engine than Django's built-in engine, you can -set the token in your forms manually after making sure it's available in the -template context. +Django's :class:`~django.template.backends.jinja2.Jinja2` template backend +adds ``{{ csrf_input }}`` to the context of all templates which is equivalent +to ``{% csrf_token %}`` in the Django template language. For example: -For example, in the Jinja2 template language, your form could contain the -following: +.. code-block:: html+jinja -.. code-block:: html - - <div style="display:none"> - <input type="hidden" name="csrfmiddlewaretoken" value="{{ csrf_token }}"> - </div> - -You can use JavaScript similar to the :ref:`AJAX code <csrf-ajax>` above to get -the value of the CSRF token. + <form action="" method="post">{{ csrf_input }} The decorator method -------------------- |
