mirror of https://github.com/django/django.git
Fixed #15055 -- added information about (and an example of) the csrf_token template tag to the forms documentation. Thanks to sneakyness for the report and bpeschier for the draft patch.
git-svn-id: http://code.djangoproject.com/svn/django/trunk@15445 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
parent
1bac26b9a8
commit
0f50ef12bf
|
@ -172,7 +172,7 @@ Forms are designed to work with the Django template language. In the above
|
|||
example, we passed our ``ContactForm`` instance to the template using the
|
||||
context variable ``form``. Here's a simple example template::
|
||||
|
||||
<form action="/contact/" method="post">
|
||||
<form action="/contact/" method="post">{% csrf_token %}
|
||||
{{ form.as_p }}
|
||||
<input type="submit" value="Submit" />
|
||||
</form>
|
||||
|
@ -180,6 +180,15 @@ context variable ``form``. Here's a simple example template::
|
|||
The form only outputs its own fields; it is up to you to provide the surrounding
|
||||
``<form>`` tags and the submit button.
|
||||
|
||||
.. admonition:: Forms and Cross Site Request Forgery protection
|
||||
|
||||
Django ships with an easy-to-use :doc:`protection against Cross Site Request
|
||||
Forgeries </ref/contrib/csrf>`. When submitting a form via POST with
|
||||
CSRF protection enabled you must use the :ttag:`csrf_token` template tag
|
||||
as in the preceding example. However, since CSRF protection is not
|
||||
directly tied to forms in templates, this tag is omitted from the
|
||||
following examples in this document.
|
||||
|
||||
``form.as_p`` will output the form with each form field and accompanying label
|
||||
wrapped in a paragraph. Here's the output for our example template::
|
||||
|
||||
|
|
Loading…
Reference in New Issue