diff --git a/docs/ref/contrib/csrf.txt b/docs/ref/contrib/csrf.txt index 3ece422c66..fe3b60be57 100644 --- a/docs/ref/contrib/csrf.txt +++ b/docs/ref/contrib/csrf.txt @@ -188,9 +188,12 @@ applications in your project will meet its requirements by virtue of the The next step is to update all your applications to use the template tag, as described in `How to use it`_, steps 2-3. This can be done as soon as is -practical. Any applications that are updated will now require Django 1.2 or +practical. Any applications that are updated will now require Django 1.1.2 or later, since they will use the CSRF template tag which was not available in -earlier versions. +earlier versions. (The template tag in 1.1.2 is actually a no-op that exists +solely to ease the transition to 1.2 — it allows apps to be created that have +CSRF protection under 1.2 without requiring users of the apps to upgrade to the +Django 1.2.X series). The utility script ``extras/csrf_migration_helper.py`` can help to automate the finding of code and templates that may need to be upgraded. It contains full diff --git a/docs/ref/templates/builtins.txt b/docs/ref/templates/builtins.txt index 7084dc0a78..8266224c39 100644 --- a/docs/ref/templates/builtins.txt +++ b/docs/ref/templates/builtins.txt @@ -56,9 +56,12 @@ Ignore everything between ``{% comment %}`` and ``{% endcomment %}`` csrf_token ~~~~~~~~~~ -.. versionadded:: 1.2 +.. versionadded:: 1.1.2 -This is described in the documentation for :ref:`Cross Site Request Forgeries `. +In the Django 1.1.X series, this is a no-op tag that returns an empty string for +future compatibility purposes. In Django 1.2 and later, it is used for CSRF +protection, as described in the documentation for :ref:`Cross Site Request +Forgeries `. cycle ~~~~~