From 8b5fc4ac009f4db6a30db717456ba6480beb2628 Mon Sep 17 00:00:00 2001 From: Luke Plant Date: Tue, 22 Feb 2011 11:31:54 +0000 Subject: [PATCH] [1.1.X] Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs Backport of [15628] from trunk. git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@15630 bcc190cf-cafb-0310-a4f2-bffc1f526a37 --- docs/ref/contrib/csrf.txt | 2 ++ docs/releases/1.1.4.txt | 18 ++++-------------- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 45d4b459c7..4ebaa33905 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -39,6 +39,8 @@ replaced instead of using ``CsrfMiddleware``. (previous versions of Django did not provide these two components of ``CsrfMiddleware`` as described above) +.. _csrf-ajax: + AJAX ---- diff --git a/docs/releases/1.1.4.txt b/docs/releases/1.1.4.txt index 7a3035f9bd..e561201c18 100644 --- a/docs/releases/1.1.4.txt +++ b/docs/releases/1.1.4.txt @@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease of use with popular JavaScript toolkits which allow insertion of custom headers into all AJAX requests. -The following example using the jQuery JavaScript toolkit demonstrates -this; the call to jQuery's ajaxSetup will cause all AJAX requests to -send back the CSRF token in the custom X-CSRFTOKEN header:: - - $.ajaxSetup({ - beforeSend: function(xhr, settings) { - if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) { - // Only send the token to relative URLs i.e. locally. - xhr.setRequestHeader("X-CSRFToken", - $("#csrfmiddlewaretoken").val()); - } - } - }); - +Please see the :ref:`CSRF docs for example jQuery code ` +that demonstrates this technique, ensuring that you are looking at the +documentation for your version of Django, as the exact code necessary +is different for some older versions of Django.