diff options
| author | Tim Graham <timograham@gmail.com> | 2015-12-22 10:21:24 -0500 |
|---|---|---|
| committer | Tim Graham <timograham@gmail.com> | 2015-12-23 09:14:32 -0500 |
| commit | 4d83b0163e15f8352fd17fa121e929842ff2b686 (patch) | |
| tree | b72a5b5bc18dc0eb64c7f49fcb85bbef9401aca4 /docs/ref | |
| parent | edf3b88f1ad8f6e900fb3273cc8a573d3d77ce16 (diff) | |
Fixed #25969 -- Replaced render_to_response() with render() in docs examples.
Diffstat (limited to 'docs/ref')
| -rw-r--r-- | docs/ref/csrf.txt | 30 | ||||
| -rw-r--r-- | docs/ref/template-response.txt | 3 |
2 files changed, 6 insertions, 27 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt index d920f15e23..a423b77f7a 100644 --- a/docs/ref/csrf.txt +++ b/docs/ref/csrf.txt @@ -45,31 +45,11 @@ To take advantage of CSRF protection in your views, follow these steps: This should not be done for POST forms that target external URLs, since that would cause the CSRF token to be leaked, leading to a vulnerability. -3. In the corresponding view functions, ensure that the - ``'django.template.context_processors.csrf'`` context processor is - being used. Usually, this can be done in one of two ways: - - 1. Use RequestContext, which always uses - ``'django.template.context_processors.csrf'`` (no matter what template - context processors are configured in the :setting:`TEMPLATES` setting). - If you are using generic views or contrib apps, you are covered already, - since these apps use RequestContext throughout. - - 2. Manually import and use the processor to generate the CSRF token and - add it to the template context. e.g.:: - - from django.shortcuts import render_to_response - from django.template.context_processors import csrf - - def my_view(request): - c = {} - c.update(csrf(request)) - # ... view code here - return render_to_response("a_template.html", c) - - You may want to write your own - :func:`~django.shortcuts.render_to_response()` wrapper that takes care - of this step for you. +3. In the corresponding view functions, ensure that + :class:`~django.template.RequestContext` is used to render the response so + that ``{% csrf_token %}`` will work properly. If you're using the + :func:`~django.shortcuts.render` function, generic views, or contrib apps, + you are covered already since these all use ``RequestContext``. .. _csrf-ajax: diff --git a/docs/ref/template-response.txt b/docs/ref/template-response.txt index 1b99b10b3b..b7ae38da70 100644 --- a/docs/ref/template-response.txt +++ b/docs/ref/template-response.txt @@ -283,8 +283,7 @@ Using TemplateResponse and SimpleTemplateResponse A :class:`TemplateResponse` object can be used anywhere that a normal :class:`django.http.HttpResponse` can be used. It can also be used as an -alternative to calling :func:`~django.shortcuts.render()` or -:func:`~django.shortcuts.render_to_response()`. +alternative to calling :func:`~django.shortcuts.render()`. For example, the following simple view returns a :class:`TemplateResponse` with a simple template and a context containing a queryset:: |
