summaryrefslogtreecommitdiff
path: root/docs/ref
diff options
context:
space:
mode:
authorTim Graham <timograham@gmail.com>2015-12-22 10:21:24 -0500
committerTim Graham <timograham@gmail.com>2015-12-23 09:14:32 -0500
commit4d83b0163e15f8352fd17fa121e929842ff2b686 (patch)
treeb72a5b5bc18dc0eb64c7f49fcb85bbef9401aca4 /docs/ref
parentedf3b88f1ad8f6e900fb3273cc8a573d3d77ce16 (diff)
Fixed #25969 -- Replaced render_to_response() with render() in docs examples.
Diffstat (limited to 'docs/ref')
-rw-r--r--docs/ref/csrf.txt30
-rw-r--r--docs/ref/template-response.txt3
2 files changed, 6 insertions, 27 deletions
diff --git a/docs/ref/csrf.txt b/docs/ref/csrf.txt
index d920f15e23..a423b77f7a 100644
--- a/docs/ref/csrf.txt
+++ b/docs/ref/csrf.txt
@@ -45,31 +45,11 @@ To take advantage of CSRF protection in your views, follow these steps:
This should not be done for POST forms that target external URLs, since
that would cause the CSRF token to be leaked, leading to a vulnerability.
-3. In the corresponding view functions, ensure that the
- ``'django.template.context_processors.csrf'`` context processor is
- being used. Usually, this can be done in one of two ways:
-
- 1. Use RequestContext, which always uses
- ``'django.template.context_processors.csrf'`` (no matter what template
- context processors are configured in the :setting:`TEMPLATES` setting).
- If you are using generic views or contrib apps, you are covered already,
- since these apps use RequestContext throughout.
-
- 2. Manually import and use the processor to generate the CSRF token and
- add it to the template context. e.g.::
-
- from django.shortcuts import render_to_response
- from django.template.context_processors import csrf
-
- def my_view(request):
- c = {}
- c.update(csrf(request))
- # ... view code here
- return render_to_response("a_template.html", c)
-
- You may want to write your own
- :func:`~django.shortcuts.render_to_response()` wrapper that takes care
- of this step for you.
+3. In the corresponding view functions, ensure that
+ :class:`~django.template.RequestContext` is used to render the response so
+ that ``{% csrf_token %}`` will work properly. If you're using the
+ :func:`~django.shortcuts.render` function, generic views, or contrib apps,
+ you are covered already since these all use ``RequestContext``.
.. _csrf-ajax:
diff --git a/docs/ref/template-response.txt b/docs/ref/template-response.txt
index 1b99b10b3b..b7ae38da70 100644
--- a/docs/ref/template-response.txt
+++ b/docs/ref/template-response.txt
@@ -283,8 +283,7 @@ Using TemplateResponse and SimpleTemplateResponse
A :class:`TemplateResponse` object can be used anywhere that a normal
:class:`django.http.HttpResponse` can be used. It can also be used as an
-alternative to calling :func:`~django.shortcuts.render()` or
-:func:`~django.shortcuts.render_to_response()`.
+alternative to calling :func:`~django.shortcuts.render()`.
For example, the following simple view returns a :class:`TemplateResponse`
with a simple template and a context containing a queryset::