#15259 closed (fixed)
Django Weblog suggested workaround for XMLHttpRequest CSRF fix in 1.2.5 uses wrong jQuery selector
Reported by: | markhellewell | Owned by: | nobody |
---|---|---|---|
Component: | *.djangoproject.com | Version: | 1.2 |
Severity: | Keywords: | blocker | |
Cc: | Triage Stage: | Accepted | |
Has patch: | no | Needs documentation: | no |
Needs tests: | no | Patch needs improvement: | no |
Easy pickings: | no | UI/UX: | no |
Description
The "{% csrf_token %}" template tag outputs a form field which looks like this:
<input type='hidden' name='csrfmiddlewaretoken' value='...'/>
but the jQuery example of how to include this in your XMLHttpRequest uses an id-style selector. It should instead look like this:
$("input[name='csrfmiddlewaretoken']").val()
Change History (5)
comment:1 by , 14 years ago
Keywords: | blocker added |
---|---|
Triage Stage: | Unreviewed → Accepted |
Note:
See TracTickets
for help on using tickets.
There are a couple of follow up items that probably bear mentioning: