diff options
| author | Aymeric Augustin <aymeric.augustin@m4x.org> | 2011-12-30 14:55:44 +0000 |
|---|---|---|
| committer | Aymeric Augustin <aymeric.augustin@m4x.org> | 2011-12-30 14:55:44 +0000 |
| commit | 39201d8fe55df561911e274f805eff3fa7e5819f (patch) | |
| tree | 379cc9f4e6b1a6f923c441e13ef73708db400401 /docs | |
| parent | c458700382724e85d8572fc80cd829f54d57d43d (diff) | |
Fixed #16704 -- Documented how to insert the CSRF token outside of Django's own template engine. Thanks paulcwatts and bpeschier for the patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 4c847271da..feeba2280c 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -146,6 +146,24 @@ In addition, if the CSRF cookie has not been sent to the client by use of :ttag:`csrf_token`, you may need to ensure the client receives the cookie by using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`. +Other template engines +---------------------- + +When using a different template engine than Django's built-in engine, you can +set the token in your forms manually after making sure it is available in the +context of the template. + +So in Cheetah for example, your form could contain the following: + +.. code-block:: html + + <div style="display:none"> + <input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/> + </div> + +You may use javascript similar to the :ref:`AJAX code <csrf-ajax>` above to get +the value of the CSRF token. + The decorator method -------------------- |
