Django Weblog suggested workaround for XMLHttpRequest CSRF fix in 1.2.5 uses wrong jQuery selector

[markhellewell]

The "{% csrf_token %}" template tag outputs a form field which looks like this:

<input type='hidden' name='csrfmiddlewaretoken' value='...'/>

but the jQuery example of how to include this in your XMLHttpRequest uses an id-style selector. It should instead look like this:

$("input[name='csrfmiddlewaretoken']").val()

[Russell Keith-Magee]

There are a couple of follow up items that probably bear mentioning:

• Correcting this error in the example
• Pointing out the other two minor backwards incompatibilities listed in the release notes.

[Russell Keith-Magee]

In [15482]:

Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

[Russell Keith-Magee]

​Blog post has been made; fixes to release notes will be landing soon.

[Russell Keith-Magee]

In [15483]:

[1.2.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.

[Russell Keith-Magee]

In [15484]:

[1.1.X] Fixed #15253, #15259 -- Added 1.1.4 release notes, added a section on CSRF changes to the 1.3 release notes, and corrected the example in the 1.2.5 release notes. Thanks to Gary Wilson and Mark Hellewell for the reports.

Backport of r15482 from trunk.