[1.1.X] Removed example CSRF jQuery code from release notes, replacing with link to improved code in the CSRF docs

Backport of [15628] from trunk.

git-svn-id: http://code.djangoproject.com/svn/django/branches/releases/1.1.X@15630 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Luke Plant 2011-02-22 11:31:54 +00:00
parent 12fd6e1106
commit 8b5fc4ac00
2 changed files with 6 additions and 14 deletions

View File

@ -39,6 +39,8 @@ replaced instead of using ``CsrfMiddleware``.
(previous versions of Django did not provide these two components
of ``CsrfMiddleware`` as described above)
.. _csrf-ajax:
AJAX
----

View File

@ -62,17 +62,7 @@ header X-CSRFTOKEN, as well as in the form submission itself, for ease
of use with popular JavaScript toolkits which allow insertion of
custom headers into all AJAX requests.
The following example using the jQuery JavaScript toolkit demonstrates
this; the call to jQuery's ajaxSetup will cause all AJAX requests to
send back the CSRF token in the custom X-CSRFTOKEN header::
$.ajaxSetup({
beforeSend: function(xhr, settings) {
if (!(/^http:.*/.test(settings.url) || /^https:.*/.test(settings.url))) {
// Only send the token to relative URLs i.e. locally.
xhr.setRequestHeader("X-CSRFToken",
$("#csrfmiddlewaretoken").val());
}
}
});
Please see the :ref:`CSRF docs for example jQuery code <csrf-ajax>`
that demonstrates this technique, ensuring that you are looking at the
documentation for your version of Django, as the exact code necessary
is different for some older versions of Django.