Opened 6 years ago

Closed 6 years ago

Last modified 6 years ago

#15259 closed (fixed)

Django Weblog suggested workaround for XMLHttpRequest CSRF fix in 1.2.5 uses wrong jQuery selector

Reported by: markhellewell
Owned by: nobody
Component: *.djangoproject.com
Version: 1.2
Severity:
Keywords: blocker
Cc:
Triage Stage: Accepted
Has patch: no
Needs documentation: no
Needs tests: no
Patch needs improvement: no
Easy pickings:
UI/UX:

Description

The "{% csrf_token %}" template tag outputs a form field which looks like this:

<input type='hidden' name='csrfmiddlewaretoken' value='...'/>

but the jQuery example of how to include this in your XMLHttpRequest uses an id-style selector. It should instead look like this:

$("input[name='csrfmiddlewaretoken']").val()
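
The selector difference described above, as an added example that is not part of the original ticket or of Django's own code. It runs both lookups against a constructed copy of the rendered field (placeholder token value), assuming the id-style selector was `#csrfmiddlewaretoken`; the helper names are hypothetical, and `X-CSRFToken` is the request header Django's CSRF middleware reads.

```javascript
// Constructed sample of what {% csrf_token %} renders inside a form.
// The token value is a placeholder, not a real token.
const RENDERED_FORM =
  "<form method='post'><input type='hidden' name='csrfmiddlewaretoken' " +
  "value='CONSTRUCTED-TOKEN-0123'/><input type='text' name='title'/></form>";

// Parse every <input> tag in an HTML string into an attribute map.
function parseInputs(html) {
  const inputs = [];
  for (const tag of html.match(/<input\b[^>]*>/gi) || []) {
    const attrs = {};
    const attrRe = /([\w-]+)\s*=\s*(?:'([^']*)'|"([^"]*)")/g;
    let m;
    while ((m = attrRe.exec(tag)) !== null) {
      attrs[m[1].toLowerCase()] = m[2] !== undefined ? m[2] : m[3];
    }
    inputs.push(attrs);
  }
  return inputs;
}

// Stand-in for $("#csrfmiddlewaretoken").val(): matches on the id attribute,
// which the rendered field does not have.
function tokenById(html) {
  const hit = parseInputs(html).find((a) => a.id === "csrfmiddlewaretoken");
  return hit ? hit.value : undefined;
}

// Stand-in for $("input[name='csrfmiddlewaretoken']").val().
function tokenByName(html) {
  const hit = parseInputs(html).find((a) => a.name === "csrfmiddlewaretoken");
  return hit ? hit.value : undefined;
}

// Build the AJAX header set, refusing to continue when no token was found,
// so a selector mistake fails loudly instead of sending a POST with no token.
function csrfHeaders(token) {
  if (typeof token !== "string" || token.length === 0) {
    throw new Error("CSRF token not found in page; check the selector");
  }
  return { "X-CSRFToken": token };
}
```

With the id lookup the token comes back `undefined`, which is why the guard in `csrfHeaders` is worth keeping in client code.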

Change History (5)

comment:1 Changed 6 years ago by Russell Keith-Magee

Keywords: blocker added
Needs documentation: unset
Needs tests: unset
Patch needs improvement: unset
Triage Stage: Unreviewed → Accepted

There are a couple of follow-up items that probably bear mentioning:

  • Correcting this error in the example
  • Pointing out the other two minor backwards incompatibilities listed in the release notes.

comment:2 Changed 6 years ago by Russell Keith-Magee

Resolution: fixed
Status: new → closed

In [15482]:

Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

comment:3 Changed 6 years ago by Russell Keith-Magee

Blog post has been made; fixes to release notes will be landing soon.

comment:4 Changed 6 years ago by Russell Keith-Magee

In [15483]:

[1.2.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.

comment:4 Changed 6 years ago by Russell Keith-Magee

In [15484]:

[1.1.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.
