CSRF changes not noted on backwards incompatible page

[shadfc]

They are not strictly backward incompatible, but a django update which included the CSRF changes did break my login page. I had a custom template and didn't have the {% csrf_token %} tag, so I got a nice/nasty error when trying to login.

[Luke Plant]

Which page are you referring to? BackwardsIncompatibleChanges is not the place for that kind of thing — it clearly says "If you're already running Django 1.0, you need not worry about anything on this page" at the top.

The only place we have for this kind of thing at the moment is release notes. The beginnings of the release notes for 1.2 do include the CSRF changes: ​http://code.djangoproject.com/browser/django/trunk/docs/releases/1.2-alpha.txt

Perhaps we need another place for this kind of thing. It might be a compilation of the "backwards incompatible" section of release notes or something like that. I'm going to close this as INVALID, but suggest you bring this up on django-dev. Perhaps the solution is to create a wiki page with notes for people following trunk.

[anonymous]

I was under the impression that the FutureBackwardsImcompatible page might be the place for this.

[shadfc]

Sorry, that should have been FutureBackwardsIncompatibleChanges

[Luke Plant]

This is actually a documentation bug - ​http://docs.djangoproject.com/en/dev/releases/ clearly says that BackwardsIncompatibleChanges contains the information you were looking for, but it doesn't. That needs to be fixed, I've started a thread on django-dev about this.

[Luke Plant]

(In [11738]) Fixed #12198 - CSRF changes not clearly noted in docs.

The docs no longer unhelpfully point to BackwardsIncompatibleChanges,
and instead a section has been added to help those upgrading and
those following trunk. Tentative 1.2 release notes added.