Code

Opened 4 years ago

Closed 3 years ago

Last modified 3 years ago

#15055 closed (fixed)

Forms documentation neglects csrf token

Reported by: sneakyness Owned by: nobody
Component: Documentation Version: master
Severity: Keywords: forms, POST, csrf token, templates
Cc: Triage Stage: Ready for checkin
Has patch: yes Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

http://docs.djangoproject.com/en/1.2/topics/forms/#displaying-a-form-using-a-template

You can see in any of the POST examples that the csrf token is not included or even mentioned.

Attachments (1)

django15055.formsdocs.diff (1.1 KB) - added by bpeschier 3 years ago.

Download all attachments as: .zip

Change History (7)

comment:1 Changed 4 years ago by lukeplant

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Triage Stage changed from Unreviewed to Accepted

I remember deliberately leaving these examples as they were when other CSRF docs were changed, because from the point of view the forms documentation, adding {% csrf_token %} every time becomes annoying noise. However, I think it does need to be mentioned at least once, it's difficult to know whether it should be every time.

Changed 3 years ago by bpeschier

comment:2 Changed 3 years ago by bpeschier

  • Has patch set

Included the tag in the first example given with an admonition for its presence and the note that it will not be included in further examples.

comment:3 Changed 3 years ago by lukeplant

  • Triage Stage changed from Accepted to Ready for checkin

comment:4 Changed 3 years ago by gabrielhurley

  • Resolution set to fixed
  • Status changed from new to closed

In [15445]:

Fixed #15055 -- added information about (and an example of) the csrf_token template tag to the forms documentation. Thanks to sneakyness for the report and bpeschier for the draft patch.

comment:5 Changed 3 years ago by gabrielhurley

In [15446]:

[1.2.X] Fixed #15055 -- added information about (and an example of) the csrf_token template tag to the forms documentation. Thanks to sneakyness for the report and bpeschier for the draft patch.

Backport of [15445] from trunk.

comment:6 Changed 3 years ago by jacob

  • milestone 1.3 deleted

Milestone 1.3 deleted

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.