diff -r 657f07fc5ef7 docs/ref/contrib/csrf.txt
|
a
|
b
|
|
| 146 | 146 | :ttag:`csrf_token`, you may need to ensure the client receives the cookie by |
| 147 | 147 | using :func:`~django.views.decorators.csrf.ensure_csrf_cookie`. |
| 148 | 148 | |
| | 149 | Other template engines |
| | 150 | ---------------------- |
| | 151 | |
| | 152 | When using a different template engine than Django's built-in engine, you can |
| | 153 | set the token in your forms manually after making sure it is available in the |
| | 154 | context of the template. |
| | 155 | |
| | 156 | So in Cheetah for example, your form could contain the following: |
| | 157 | |
| | 158 | .. code-block:: html |
| | 159 | |
| | 160 | <div style="display:none"> |
| | 161 | <input type="hidden" name="csrfmiddlewaretoken" value="$csrf_token"/> |
| | 162 | </div> |
| | 163 | |
| | 164 | You may use javascript similar to the :ref:`AJAX code <csrf-ajax>` above to get |
| | 165 | the value of the CSRF token. |
| | 166 | |
| 149 | 167 | The decorator method |
| 150 | 168 | -------------------- |
| 151 | 169 | |