#15055 closed (fixed)
Forms documentation neglects csrf token
Reported by: | sneakyness | Owned by: | nobody |
---|---|---|---|
Component: | Documentation | Version: | dev |
Severity: | Keywords: | forms, POST, csrf token, templates | |
Cc: | Triage Stage: | Ready for checkin | |
Has patch: | yes | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
http://docs.djangoproject.com/en/1.2/topics/forms/#displaying-a-form-using-a-template
You can see in any of the POST examples that the csrf token is not included or even mentioned.
Attachments (1)
Change History (7)
comment:1 by , 14 years ago
Triage Stage: | Unreviewed → Accepted |
---|
by , 14 years ago
Attachment: | django15055.formsdocs.diff added |
---|
comment:2 by , 14 years ago
Has patch: | set |
---|
Included the tag in the first example given with an admonition for its presence and the note that it will not be included in further examples.
comment:3 by , 14 years ago
Triage Stage: | Accepted → Ready for checkin |
---|
Note:
See TracTickets
for help on using tickets.
I remember deliberately leaving these examples as they were when other CSRF docs were changed, because from the point of view the forms documentation, adding
{% csrf_token %}
every time becomes annoying noise. However, I think it does need to be mentioned at least once, it's difficult to know whether it should be every time.