#15055 closed (fixed)
Forms documentation neglects csrf token
| Reported by: | sneakyness | Owned by: | nobody |
|---|---|---|---|
| Component: | Documentation | Version: | dev |
| Severity: | Keywords: | forms, POST, csrf token, templates | |
| Cc: | Triage Stage: | Ready for checkin | |
| Has patch: | yes | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
http://docs.djangoproject.com/en/1.2/topics/forms/#displaying-a-form-using-a-template
You can see in any of the POST examples that the csrf token is not included or even mentioned.
Attachments (1)
Change History (7)
comment:1 by , 14 years ago
| Triage Stage: | Unreviewed → Accepted |
|---|
by , 14 years ago
| Attachment: | django15055.formsdocs.diff added |
|---|
comment:2 by , 14 years ago
| Has patch: | set |
|---|
Included the tag in the first example given with an admonition for its presence and the note that it will not be included in further examples.
comment:3 by , 14 years ago
| Triage Stage: | Accepted → Ready for checkin |
|---|
Note:
See TracTickets
for help on using tickets.
I remember deliberately leaving these examples as they were when other CSRF docs were changed, because from the point of view the forms documentation, adding
{% csrf_token %}every time becomes annoying noise. However, I think it does need to be mentioned at least once, it's difficult to know whether it should be every time.