innov
/
django1
1
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity

Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@15628 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-02-22 11:27:58 +00:00
parent 337d102b86
commit 37343bac8a
4 changed files with 14 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs/ref/contrib/csrf.txt
View File

@ -81,6 +81,8 @@ The utility script ``extras/csrf_migration_helper.py`` can help to automate the
finding of code and templates that may need to be upgraded. It contains full finding of code and templates that may need to be upgraded. It contains full
help on how to use it. help on how to use it.
.. _csrf-ajax:
AJAX AJAX
---- ----

18
docs/releases/1.1.4.txt
View File

@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests. custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
this; the call to jQuery's ajaxSetup will cause all AJAX requests to that demonstrates this technique, ensuring that you are looking at the
send back the CSRF token in the custom X-CSRFTOKEN header:: documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken",
$("#csrfmiddlewaretoken").val());
}
}
});

32
docs/releases/1.2.5.txt
View File

@ -62,34 +62,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests. custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
this; the call to jQuery's ajaxSetup will cause all AJAX requests to that demonstrates this technique, ensuring that you are looking at the
send back the CSRF token in the custom X-CSRFTOKEN header:: documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
});
FileField no longer deletes files FileField no longer deletes files
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

32
docs/releases/1.3.txt
View File

@ -305,34 +305,10 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests. custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
this; the call to jQuery's ajaxSetup will cause all AJAX requests to that demonstrates this technique, ensuring that you are looking at the
send back the CSRF token in the custom X-CSRFTOKEN header:: documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.
$.ajaxSetup({
beforeSend: function(xhr, settings) {
function getCookie(name) {
var cookieValue = null;
if (document.cookie && document.cookie != '') {
var cookies = document.cookie.split(';');
for (var i = 0; i < cookies.length; i++) {
var cookie = jQuery.trim(cookies[i]);
// Does this cookie string begin with the name we want?
if (cookie.substring(0, name.length + 1) == (name + '=')) {
cookieValue = decodeURIComponent(cookie.substring(name.length + 1));
break;
}
}
}
return cookieValue;
}
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken", getCookie('csrftoken'));
}
}
});
Restricted filters in admin interface Restricted filters in admin interface
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~