diff options
| author | Luke Plant <L.Plant.98@cantab.net> | 2011-02-22 11:30:10 +0000 |
|---|---|---|
| committer | Luke Plant <L.Plant.98@cantab.net> | 2011-02-22 11:30:10 +0000 |
| commit | e89c471ebb5ae2b55b3677a953759792fce84bc8 (patch) | |
| tree | b7ba9bb38eba0cfe6b21dc3a1c42648db924d9c4 /docs | |
| parent | dc9d639c0aeb0e3c239d9a20f7aa51e7a3d5261b (diff) | |
[1.2.X] Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs
Backport of [15628] from trunk.
git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.2.X@15629 bcc190cf-cafb-0310-a4f2-bffc1f526a37
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/ref/contrib/csrf.txt | 2 | ||||
| -rw-r--r-- | docs/releases/1.1.4.txt | 18 | ||||
| -rw-r--r-- | docs/releases/1.2.5.txt | 32 |
3 files changed, 10 insertions, 42 deletions
diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 18675e48c8..cd412b3043 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the finding of code and templates that may need to be upgraded. It contains full help on how to use it. +.. _csrf-ajax: + AJAX ---- diff --git a/docs/releases/1.1.4.txt b/docs/releases/1.1.4.txt index 7a3035f9bd..e561201c18 100644 --- a/docs/releases/1.1.4.txt +++ b/docs/releases/1.1.4.txt @@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", - $("#csrfmiddlewaretoken").val()); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. diff --git a/docs/releases/1.2.5.txt b/docs/releases/1.2.5.txt index b169a4b765..8427534301 100644 --- a/docs/releases/1.2.5.txt +++ b/docs/releases/1.2.5.txt @@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - function getCookie(name) { - var cookieValue = null; - if (document.cookie && document.cookie != '') { - var cookies = document.cookie.split(';'); - for (var i = 0; i < cookies.length; i++) { - var cookie = jQuery.trim(cookies[i]); - // Does this cookie string begin with the name we want? - if (cookie.substring(0, name.length + 1) == (name + '=')) { - cookieValue = decodeURIComponent(cookie.substring(name.length + 1)); - break; - } - } - } - return cookieValue; - } - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken')); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django. FileField no longer deletes files ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
