Added info to release notes about CSRF improvements

git-svn-id: http://code.djangoproject.com/svn/django/trunk@16306 bcc190cf-cafb-0310-a4f2-bffc1f526a37
2011-05-31 21:29:35 +00:00 · 2011-05-31 21:29:35 +00:00 · 1a951fa8d4
parent 1cfb00dc41
commit 1a951fa8d4
1 changed files with 10 additions and 0 deletions
--- a/docs/releases/1.4.txt
+++ b/docs/releases/1.4.txt
@ -78,6 +78,16 @@ A new helper function,
 ``template.Library`` to ease the creation of template tags that store some
 data in a specified context variable.

+CSRF improvements
+~~~~~~~~~~~~~~~~~
+
+We've made various improvements to our CSRF features, including the
+:func:`~django.views.decorators.csrf.ensure_csrf_cookie` decorator which can
+help with AJAX heavy sites, protection for PUT and DELETE, and settings
+:setting:`CSRF_COOKIE_SECURE` and :setting:`CSRF_COOKIE_PATH` which can improve
+the security and usefulness of the CSRF protection. See the :doc:`CSRF docs
+</ref/contrib/csrf>` for more information.
+
 .. _backwards-incompatible-changes-1.4:

 Backwards incompatible changes in 1.4