Opened 13 years ago

Closed 13 years ago

Last modified 13 years ago

#15259 closed (fixed)

Django Weblog suggested workaround for XMLHttpRequest CSRF fix in 1.2.5 uses wrong jQuery selector

Reported by: markhellewell
Owned by: nobody
Component: *.djangoproject.com
Version: 1.2
Severity:
Keywords: blocker
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings: no
UI/UX: no

Description

The "{% csrf_token %}" template tag outputs a form field which looks like this:

<input type='hidden' name='csrfmiddlewaretoken' value='...'/>

but the jQuery example of how to include this in your XMLHttpRequest uses an id-style selector. It should instead look like this:

$("input[name='csrfmiddlewaretoken']").val()
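Added example (not part of the ticket or of Django's release notes): a selector that matches nothing fails silently, so the token never reaches the server and the request is rejected by the CSRF check. The sketch below reads the field by name, fails loudly when it is missing, and attaches the token only to same-origin URLs. The function names are hypothetical, `X-CSRFToken` is assumed to be the header the Django CSRF middleware reads, and `doc` stands in for `window.document`.

```javascript
// Added example; helper names are hypothetical, not Django or jQuery API.
// {% csrf_token %} renders a hidden input with a name attribute and no id,
// so the lookup has to be by name.
const TOKEN_SELECTOR = "input[name='csrfmiddlewaretoken']";

// `doc` is anything exposing querySelector (window.document in a browser).
function readCsrfToken(doc) {
  const field = doc.querySelector(TOKEN_SELECTOR);
  if (!field || !field.value) {
    // A non-matching lookup would otherwise yield an empty or "undefined"
    // header value and a 403 that is hard to trace back to the selector.
    throw new Error("csrfmiddlewaretoken field not found in the page");
  }
  return field.value;
}

// Resolve the request URL against the page origin so that relative,
// absolute and protocol-relative ("//host/path") URLs are all classified
// correctly.
function isSameOrigin(url, pageOrigin) {
  return new URL(url, pageOrigin).origin === new URL(pageOrigin).origin;
}

// Headers to add to an XMLHttpRequest: the token goes only to our own
// origin, so it is never disclosed to a third-party host.
function csrfHeaders(doc, url, pageOrigin) {
  if (!isSameOrigin(url, pageOrigin)) {
    return {};
  }
  return { "X-CSRFToken": readCsrfToken(doc) };
}

// Browser usage (assumed wiring):
//   const headers = csrfHeaders(document, "/api/save/", location.origin);
//   for (const [k, v] of Object.entries(headers)) xhr.setRequestHeader(k, v);
```
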

Change History (5)

comment:1 by Russell Keith-Magee, 13 years ago

Keywords: blocker added
Triage Stage: Unreviewed → Accepted

There are a couple of follow up items that probably bear mentioning:

  • Correcting this error in the example
  • Pointing out the other two minor backwards incompatibilities listed in the release notes.

comment:2 by Russell Keith-Magee, 13 years ago

Resolution: fixed
Status: new → closed

In [15482]:

Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

comment:3 by Russell Keith-Magee, 13 years ago

Blog post has been made; fixes to release notes will be landing soon.

comment:4 by Russell Keith-Magee, 13 years ago

In [15483]:

[1.2.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.

comment:4 by Russell Keith-Magee, 13 years ago

In [15484]:

[1.1.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.
