Fixed #16704 -- Documented how to insert the CSRF token outside of Django's own template engine. Thanks paulcwatts and bpeschier for the patch.

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17299 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Aymeric Augustin 2011-12-30 14:55:44 +00:00
parent c458700382
commit 39201d8fe5
1 changed files with 18 additions and 0 deletions

View File

@ -146,6 +146,24 @@ In addition, if the CSRF cookie has not been sent to the client by use of
:ttag:`csrf_token`, you may need to ensure the client receives the cookie by :ttag:`csrf_token`, you may need to ensure the client receives the cookie by
using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`. using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`.
Other template engines
----------------------
When using a different template engine than Django's built-in engine, you can
set the token in your forms manually after making sure it is available in the
context of the template.
So in Cheetah for example, your form could contain the following:
.. code-block:: html
<div style="display:none">
<input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/>
</div>
You may use javascript similar to the :ref:`AJAX code <csrf-ajax>` above to get
the value of the CSRF token.
The decorator method The decorator method
-------------------- --------------------